gitnexus

Independent MCP server safety profile · methodology

Avoid · safety score 71/100 · runs install script
61,108npm downloads/wk
4dsince last publish
v1.6.9latest version
provenance

Safety signals

Install script (code on npm i)YES — runs arbitrary code
Repository (source to review)https://github.com/abhigyanpatwari/GitNexus
LicensePolyForm-Noncommercial-1.0.0
Direct dependencies37
Last audited2026-07-09

Flags

highПакет запускает install/postinstall-скрипт — произвольный код при `npm i`. Частый вектор атаки. Проверь исходник.
Verify gitnexus live right now — free: GET /mcp/verify?package=gitnexus. See the whole ecosystem in the State of MCP Security report, or browse all audited servers.

НЕ ставить без ревью исходника: опасные признаки. Data from PulseFeed's independent MCP audit (last crawl 2026-07-09). An install script is not automatically malicious — native builds use them — but each is an unreviewed code-execution vector worth checking. All audited MCP servers →