Is Fetter MCP Server safe to use?

Fetter MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Fetter MCP Server?

Fetter MCP Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can Fetter MCP Server do?

Fetter MCP Server provides 3 tools: most_recent_not_vulnerable, is_vulnerable, lookup. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Fetter MCP Server?

Fetter MCP Server is compatible with claude-desktop, cursor, claude-code. It uses http transport.

Is Fetter MCP Server actively maintained?

Fetter MCP Server is less actively maintained — last commit was 92 days ago. It has 1 GitHub stars.

Fetter MCP Server

Real-time Python package and vulnerability data for AI coding agents.

1 3 tools GitHub

No known CVEs

No license

Maintained

Last commit 92d ago

Works with most clients

Transport: http

3 tools · ~430 tok

Grade A · 0.2% of 200K ctx

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktophttp · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "fetter-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-fetter-io-fetter-mcp)](https://mcppedia.org/s/io-github-fetter-io-fetter-mcp)

Read me

What Fetter MCP Server does

Fetter provides a remote Model Context Protocol (MCP) server at https://mcp.fetter.io/mcp that gives AI coding agents real-time access to Python package vulnerability data. Built on fetter, it queries PyPI and OSV to surface known CVEs, CVSS scores, and safe versions so your agent can make informed dependency decisions as it writes code.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

66/100across 5 weighted dimensions

How we score →

0255075100

−34

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (3)

Click any tool to inspect its schema.

~430 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Fetter MCP Server safe to use?: Fetter MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Fetter MCP Server?: Fetter MCP Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Fetter MCP Server do?: Fetter MCP Server provides 3 tools: most_recent_not_vulnerable, is_vulnerable, lookup. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Fetter MCP Server?: Fetter MCP Server is compatible with claude-desktop, cursor, claude-code. It uses http transport.
Is Fetter MCP Server actively maintained?: Fetter MCP Server is less actively maintained — last commit was 92 days ago. It has 1 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for Fetter MCP Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktophttp · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "fetter-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-fetter-io-fetter-mcp)](https://mcppedia.org/s/io-github-fetter-io-fetter-mcp)

Read me

What Fetter MCP Server does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Fetter MCP

Fetter provides a remote Model Context Protocol (MCP) server at https://mcp.fetter.io/mcp that gives AI coding agents real-time access to Python package vulnerability data. Built on fetter, it queries PyPI and OSV to surface known CVEs, CVSS scores, and safe versions so your agent can make informed dependency decisions as it writes code.

Tools:

most_recent_not_vulnerable: find the latest release of a package that is free of known vulnerabilities
is_vulnerable: check whether a specific pinned version has known CVEs
lookup: find available versions and their vulnerabilities for any package or specifier

Installation

The Fetter MCP server uses the HTTP transport and requires no local installation. Just register the remote URL with your MCP client.

Claude Code

claude mcp add --transport http fetter https://mcp.fetter.io/mcp

Codex

codex mcp add fetter --url https://mcp.fetter.io/mcp

Other MCP Clients

For any other MCP-compatible client, provide the following remote server URL using the HTTP transport:

https://mcp.fetter.io/mcp

Agent Usage

Once installed, the Fetter MCP tools are available to your AI agent during coding sessions. The agent can call them automatically when adding or auditing dependencies; no explicit tool invocation is required in your prompts.

Example prompts

"Add the latest safe version of requests to requirements.txt"
"Are there any known vulnerabilities in my current dependencies?"
"What is the most recent version of pillow with no CVEs?"
"Before pinning cryptography, check whether 42.0.5 is vulnerable"

The agent selects the appropriate tool based on context:

Adding a new package: most_recent_not_vulnerable to find a safe version
Validating a specific pinned version: is_vulnerable for a definitive answer
Auditing an existing specifier: lookup to see affected versions

`most_recent_not_vulnerable`

Find the most recent version of a package that has no known vulnerabilities. Provide only a package name and the server will search recent releases for a safe version. Useful when pinning a dependency to the latest clean release.

Parameters

package_name — package name only (no version specifier), e.g. "requests"

Example Request

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "id": 2,
  "params": {
    "name": "most_recent_not_vulnerable",
    "arguments": {
      "name": "cryptography"
    }
  }
}

Example Response:

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [],
    "structuredContent": {
      "package": "cryptography",
      "version": "46.0.5",
      "vulnerabilities": [],
      "vulnerable": false
    },
    "isError": false
  }
}

`is_vulnerable`

Check if a specific package version has known vulnerabilities. Requires an exact version specifier. Returns vulnerability IDs, summaries, CVSS scores, severity ratings, and reference URLs.

Parameters

dep_spec — exact version specifier, e.g. "requests==2.31.0"

Example Request

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "id": 2,
  "params": {
    "name": "is_vulnerable",
    "arguments": {
      "name": "requests==2.19.1"
    }
  }
}

Example Response:

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [],
    "structuredContent": {
      "package": "requests",
      "version": "2.19.1",
      "vulnerabilities": [
        {
          "cvss_score": 5.3,
          "id": "GHSA-9hjg-9r4m-mvj7",
          "severity": "(Medium):",
          "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs",
          "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7"
        },
        {
          "cvss_score": 5.6,
          "id": "GHSA-9wx4-h78v-vm56",
          "severity": "(Medium):",
          "summary": "Requests Session object does

... [View full README on GitHub](https://github.com/fetter-io/fetter-mcp#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

66/100across 5 weighted dimensions

How we score →

0255075100

−34

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (3)

Click any tool to inspect its schema.

~430 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Fetter MCP Server safe to use?: Fetter MCP Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Fetter MCP Server?: Fetter MCP Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Fetter MCP Server do?: Fetter MCP Server provides 3 tools: most_recent_not_vulnerable, is_vulnerable, lookup. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Fetter MCP Server?: Fetter MCP Server is compatible with claude-desktop, cursor, claude-code. It uses http transport.
Is Fetter MCP Server actively maintained?: Fetter MCP Server is less actively maintained — last commit was 92 days ago. It has 1 GitHub stars.