Is io.github.Cope-Labs/selvo safe to use?

io.github.Cope-Labs/selvo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.Cope-Labs/selvo?

io.github.Cope-Labs/selvo can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.Cope-Labs/selvo?

io.github.Cope-Labs/selvo is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

io.github.Cope-Labs/selvo

Linux CVE prioritisation: 16 MCP tools for scan, fleet, runtime, and PR-able fix discovery.

UnknownNot tested

Other

GitHub

16FNo CVEsunknown

Quick Install

{
  "mcpServers": {
    "io-github-cope-labs-selvo": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Setup guide

No install config available. Check the server's README for setup instructions.

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-cope-labs-selvo)](https://mcppedia.org/s/io-github-cope-labs-selvo)

Should you use this server?

Linux CVE prioritisation: 16 MCP tools for scan, fleet, runtime, and PR-able fix discovery.

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Commit history unknown.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

README

selvo

Know what's actually dangerous on your Linux servers.

selvo scans your installed packages, checks every CVE against 8 data sources, filters out what your distro already patched, and ranks the rest by blast radius and exploit probability. Not just a list --- a prioritized action plan.

Live at selvo.dev | Public Report | GitHub Action

Quick Start

Scan your server (60 seconds)

curl -s https://selvo.dev/install.sh | SELVO_API_KEY=sk_xxx bash

Collects your real installed packages, sends to the API for analysis, sets up daily monitoring via cron. Supports dpkg, rpm, pacman, apk.

Get a free API key at selvo.dev.

GitHub Actions

- uses: Cope-Labs/selvo-action@v1
  with:
    api-key: ${{ secrets.SELVO_API_KEY }}

Auto-detects runner packages. Posts results as a PR comment. Fails on CISA KEV or weaponized exploits.

curl

# Scan your actual packages
dpkg-query -W -f='${db:Status-Abbrev}  ${Package}  ${Version}\n' > packages.txt

curl -X POST https://selvo.dev/api/v1/scan/packages \
  -H "X-API-Key: $SELVO_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"packages\": \"$(cat packages.txt)\", \"ecosystem\": \"debian\"}"

Container image scan

curl -X POST https://selvo.dev/api/v1/scan/image \
  -H "X-API-Key: $SELVO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"image": "nginx:1.24"}'

Pipe existing scanner output

# Already running Grype or Trivy? Send the JSON for prioritized results:
curl -X POST https://selvo.dev/api/v1/scan \
  -H "X-API-Key: $SELVO_API_KEY" \
  -d "{\"grype\": \"$(cat grype-results.json)\"}"

What Makes It Different

Distro-aware CVE filtering. If Debian backported a fix into zlib 1.2.11, we don't flag it. We cross-reference the Debian Security Tracker to remove CVEs your distro already patched. Other scanners miss this and massively over-report.

Blast radius scoring. A CVE in a library that 200 packages depend on ranks higher than one in a leaf package. We build real dependency graphs from Debian Packages.gz, Alpine APKINDEX, and Arch repo DBs.

Exploit intelligence. CISA KEV status, public exploit availability, EPSS exploitation probability --- not just CVSS severity.

Your actual packages. We scan what's really installed on your system, not a generic reference list. The dashboard shows "Your system" vs "Reference scan" so you know exactly what you're looking at.

Scoring (0--100)

Signal	Weight	Source
Dependency blast radius	22%	Transitive reverse deps from package index
EPSS exploit probability	20%	FIRST.org
Chokepoint centrality	15%	Betweenness centrality via NetworkX
Version lag	14%	Repology upstream vs installed
CVSS severity	10%	NVD
Exploit maturity	8%	CISA KEV + PoC/weaponized detection
Ecosystem popularity	7%	Repology repo count
Download count	2%	popcon / Homebrew
Days exposed	2%	CVE disclosure date age

Packages with no securi

... View full README on GitHub

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Score Breakdown

MCPpedia Score

Click each category to see evidence

16F

Last scored 6h ago

How we score →

Security

3/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

CVEs checked daily via OSV.dev. Score algorithm is open source.

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.Cope-Labs/selvo safe to use?: io.github.Cope-Labs/selvo has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.Cope-Labs/selvo?: io.github.Cope-Labs/selvo can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.Cope-Labs/selvo?: io.github.Cope-Labs/selvo is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Similar servers

View all →

Memory MCP Server

Official

No CVEs98A

Persistent memory using a knowledge graph

5 toolsstdio83.8k93.5k/wk1d ago

Hash-verified file editing MCP server with token efficiency hook. 11 tools for AI coding agents.

No CVEs95A

Hash-verified file editing MCP server with token efficiency hook. 11 tools for AI coding agents.

5 toolsremote398685.9k/wk11h ago

Context Mode

No CVEs95A

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

6 toolsremote7.3k10.0k/wk22h ago

Browser Tools Mcp

No CVEs94A

Monitor browser logs directly from Cursor and other MCP compatible IDEs.

7 toolsremote7.2k2.9k/wk28d ago

MCP Security Weekly

Get CVE alerts and security updates for io.github.Cope-Labs/selvo and similar servers.

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?