Harmful

Name: Harmful
Author: considered

@considered/harmful · by considered

Most [MCP servers](https://github.com/modelcontextprotocol/servers) suggest using `npx -y` as the recommended way to install a server. This downloads and executes arbitrary scripts from the internet. This is grossly insecure and I think the MCP authors sh

0 tools npm

No known CVEs

No license

Maintenance unknown

No commit data

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "harmful": {
      "command": "npx",
      "args": [
        "-y",
        "@considered/harmful"
      ]
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/harmful)](https://mcppedia.org/s/harmful)

Read me

What Harmful does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@considered/harmful' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

30/100across 5 weighted dimensions

How we score →

0255075100

−70

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @considered/harmful against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Harmful safe to use?: Harmful has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Harmful?: Install Harmful via npm: `npx @considered/harmful`. Then add it to your MCP client config file.
What AI clients work with Harmful?: Harmful is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Similar servers

Others in security

View all →

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Evil Mcp Server91

An evil MCP server used for redteam testing

30 1

Atomic Red Team Mcp90

MCP server for Atomic Red Team

123 5

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

MCP Security Weekly

Get CVE alerts and security updates for Harmful and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Frequently Asked Questions

Is Harmful safe to use?

Harmful has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Harmful?

Install Harmful via npm: `npx @considered/harmful`. Then add it to your MCP client config file.

What AI clients work with Harmful?

Harmful is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.