RReddit MCP BuddyBrowse Reddit directly in Claude Desktop without API keys. Search posts, view subreddits, analyze users, and explore comments seamlessly. Features smart caching, rate limiting, and works instantly with zero configuration.

mcp-so:reddit-mcp-buddy_karanb192

View source

100/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Global package installation EXTDL_004

external-download L34

Detects global installation of packages which affects the host system

npm install -g r

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.

LOW

npx MCP server without version pin MCPCFG_001

mcp-config L58

Detects MCP server configs using npx to run packages without version pinning

"command": "npx"

FIX

Pin the npx package in the MCP config to an exact version (e.g., @scope/server@1.2.3). Unpinned npx commands can silently fetch a compromised package version.

FP?

Likely FP if the MCP config is a local development setup example, though unpinned npx in production configs is a real supply chain risk.