TTiger Data MCP ServerThe Tiger MCP server provides mcp tools for managing and querying Postgres database services on tiger cloud. Tiger cloud is the best PostgreSQL cloud provider for Developers, Devices, and Agents. It provides TimescaleDB, which optimizes Postgres for insert-heavy workloads like time-series, events, transactions, and append-mostly datasets.

mcp-so:tiger_Tiger Data

View source

0/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

Score

0/100

CRITICAL 4

LOW 2

Findings (6)

CRITICAL

Curl or wget piped to shell EXTDL_013

external-download L33

Detects downloading scripts piped directly to a shell interpreter

curl -fsSL https://cli.tigerdata.com | sh

FIX

Download the script first, inspect it, verify its checksum, then run it. Do not pipe curl/wget output directly to sh/bash. Prefer package manager installs.

FP?

Likely FP if the download is from a well-known installer domain (e.g., brew.sh, rustup.rs), though this pattern is inherently risky even with trusted sources.

CRITICAL

Download-and-execute SUPPLY_003

external-download L33

Detects patterns of downloading and piping to shell execution

curl -fsSL https://cli.tigerdata.com | sh

FIX

Download the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.

FP?

Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.

CRITICAL

Curl or wget piped to shell EXTDL_013

external-download L52

Detects downloading scripts piped directly to a shell interpreter

curl -fsSL https://cli.tigerdata.com | sh

FIX

Download the script first, inspect it, verify its checksum, then run it. Do not pipe curl/wget output directly to sh/bash. Prefer package manager installs.

FP?

Likely FP if the download is from a well-known installer domain (e.g., brew.sh, rustup.rs), though this pattern is inherently risky even with trusted sources.

CRITICAL

Download-and-execute SUPPLY_003

external-download L52

Detects patterns of downloading and piping to shell execution

curl -fsSL https://cli.tigerdata.com | sh

FIX

Download the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.

FP?

Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.

LOW

Chained shell command execution CMDEXEC_012

command-execution L33

Detects chained commands using shell operators with dangerous operations

curl -fsSL https://cli.tigerdata.com | sh

FIX

Break chained commands into discrete, individually validated steps. Avoid piping untrusted output directly into a shell interpreter.

FP?

Likely FP if the matched text is a documentation example showing a common installer one-liner for a well-known tool with a canonical URL.

LOW

Chained shell command execution CMDEXEC_012

command-execution L52

Detects chained commands using shell operators with dangerous operations

curl -fsSL https://cli.tigerdata.com | sh

FIX

Break chained commands into discrete, individually validated steps. Avoid piping untrusted output directly into a shell interpreter.

FP?

Likely FP if the matched text is a documentation example showing a common installer one-liner for a well-known tool with a canonical URL.