Is mamertofabian/mcp-everything-search safe?

https://github.com/mamertofabian/mcp-everything-search

90
SAFE

This is a well-implemented, legitimate MCP server providing cross-platform file search capabilities using native system tools. The code quality is high with proper error handling and platform abstraction, though it carries inherent privacy considerations due to its file search functionality.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM File search functionality could access sensitive files -20

The MCP server provides cross-platform file search capabilities that could potentially be used to locate sensitive files like .env, SSH keys, or credentials. While this is the intended functionality of a search tool, it poses inherent privacy risks if misused.

LOW External DLL dependency for Windows functionality -10

Windows functionality requires the Everything SDK DLL (Everything64.dll) which must be obtained separately. While not inherently dangerous, external dependencies can introduce additional attack vectors.

LOW Inherent risks of search tool functionality -15

As a file search tool, this skill has inherent capability to access and index file system contents. While implemented legitimately, users should be aware that search functionality could be leveraged to discover sensitive information.