Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "io-github-srotzin-hive-mcp-sla-monitor": {
      "args": [
        "-y",
        "npm"
      ],
      "command": "npx"
    }
  }
}
```
Service level agreement monitoring for the Hive agent fleet
Run this in your terminal to verify the server starts.
npx -y 'npm' 2>&1 | head -1 && echo "✓ Server started successfully"
Packing does not respect root-level ignore files in workspaces
### Impact `npm pack` ignores root-level `.gitignore` & `.npmignore` file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` with workspaces, as of [v7.9.0](https://github.com/npm/cli/releases/tag/v7.9.0) & [v7.13.0](https://github.com/npm/cli/releases/tag/v7.13.0) respectively, may be affected and have published files into the npm registry they did not intend to include. ### Patch - Up
Incorrect Permission Assignment for Critical Resource in NPM
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.
Local Privilege Escalation in npm
Affected versions of `npm` use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the `npm` process has permission to write to, potentially resulting in local privilege escalation. ## Recommendation Update to version 1.3.3 or later.
npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.
npm Vulnerable to Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory. This b
SLA observation broker for the A2A network. Agents register a public health
endpoint with target uptime and p95 latency; the shim probes it on a 60s
schedule (read-only HTTP, 8s timeout) and records the result. When a rolling
window misses the targets, a breach record is written. Reading breach records
is paid. Inbound only. ENABLE=true by default.
Brand color: #C08D23 (Pantone 1245 C, Hive Civilization gold).
Hive does not underwrite or settle SLA claims. This is observational data only. The shim does not hold custody, does not pay claims, and does not indemnify counterparties. The disclaimer rides every paid response and every breach record.
| Layer | Endpoint | Description |
|---|---|---|
| MCP | POST /mcp | JSON-RPC 2.0, Streamable-HTTP, protocol 2024-11-05. |
| Discovery | GET /.well-known/mcp.json | Tool list and transport metadata. |
| REST | POST /v1/sla/register | Register an endpoint. 402 if no proof. |
| REST | GET /v1/sla/status/{id} | Read observed uptime and p95. 402 if no proof. |
| REST | GET /v1/sla/breaches?monitor_id=… | Read recent breach records. 402 if no proof. |
| REST | GET /v1/sla/today | UTC-day ledger snapshot. Free. |
| Health | GET /health | Liveness, pricing, recipient address. |
| Root | GET / | HTML for browsers, JSON for agents (Accept-header sniff). |
| Name | Tier | Cost | Description |
|---|---|---|---|
| sla_register | 1 | $0.01/probe | Register a public endpoint for probing. |
| sla_status | 1 | $0.01 | Read observed uptime and p95 over the rolling window. |
| sla_breach_history | 2 | $0.10 | Read recent breach records. Disclaimer rides every record. |
| sla_unregister | 0 | free | Deactivate a monitor. |
The scheduler scans active monitors every 60 seconds and issues a GET
with an 8-second timeout. 2xx and 3xx count as up; 5xx and timeouts
count as down. Probe rows are stored at /tmp/sla.db along with the monitor
record and any breach records.
The breach evaluator runs after each probe. It looks at the rolling window (default 60 minutes), computes observed uptime and observed p95 latency, and records a breach if either target is missed. Repeated breaches inside half the window are de-bounced so a single bad window does not fan out.
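The evaluation step described above, as an added example (not the project's code). The probe and monitor field names, the nearest-rank p95 method and the choice to compute latency over successful probes only are assumptions.

```javascript
// Added example, not the project's code. The probe shape {ts, up, latencyMs},
// the monitor fields and every function name here are assumptions.
const WINDOW_MS = 60 * 60 * 1000; // default rolling window: 60 minutes

// Nearest-rank p95 over latencies of successful probes (null when none).
function p95(latencies) {
  if (latencies.length === 0) return null;
  const sorted = [...latencies].sort((a, b) => a - b);
  return sorted[Math.ceil(0.95 * sorted.length) - 1];
}

// Returns the evaluation for one monitor at time `now` (ms since epoch).
// lastBreachTs is the timestamp of the previous breach record, or null.
function evaluate(monitor, probes, lastBreachTs, now) {
  const inWindow = probes.filter((p) => p.ts > now - WINDOW_MS && p.ts <= now);
  if (inWindow.length === 0) return { breach: false, reason: "no_data" };
  const up = inWindow.filter((p) => p.up);
  const uptimePct = (100 * up.length) / inWindow.length;
  const p95Ms = p95(up.map((p) => p.latencyMs));
  const missed = [];
  if (uptimePct < monitor.targetUptimePct) missed.push("uptime");
  if (p95Ms !== null && p95Ms > monitor.targetP95Ms) missed.push("p95");
  if (missed.length === 0) return { breach: false, uptimePct, p95Ms };
  // De-bounce: a repeat breach inside half the window is not recorded again.
  if (lastBreachTs !== null && now - lastBreachTs < WINDOW_MS / 2) {
    return { breach: false, suppressed: true, missed, uptimePct, p95Ms };
  }
  return { breach: true, missed, uptimePct, p95Ms };
}

// Constructed sample: one probe per minute for an hour, every 10th one down.
function sampleProbes(now) {
  return Array.from({ length: 60 }, (_, i) => ({
    ts: now - i * 60000,
    up: i % 10 !== 0,
    latencyMs: 100 + i,
  }));
}

const NOW = 1700000000000; // constructed timestamp
const MONITOR = { targetUptimePct: 99, targetP95Ms: 200 }; // constructed targets
console.log(evaluate(MONITOR, sampleProbes(NOW), null, NOW));
```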
The service caps active monitors at 100 (SLA_MAX_MONITORS) to keep probe
fan-out deterministic.
Every paid endpoint returns a 402 envelope on first hit:
```json
{
  "error": "payment_required",
  "x402_version": 1,
  "disclaimer": "Hive does not underwrite or settle SLA claims. This is observational data only.",
  "payment": {
    "nonce": "…",
    "amount_usd": 0.01,
    "accept_min_usd": 0.007,
    "accepts": [{
      "chain": "base",
      "asset": "USDC",
      "contract": "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913",
      "decimals": 6,
      "recipient": "0x15184bf50b3d3f52b60434f8942b7d52f2eb436e",
      "scheme": "exact"
    }],
    "tier": 1,
    "product": "sla_register",
    "floor_pct": 0.7
  }
}
```
Submit the proof inline via X-Payment header on the retry, or POST it to
mint an access token used in X-Hive-Access.
Pricing inherits the hivemorph barter floor pattern: the envelope advertises
both amount_usd (asking) and accept_min_usd (floor). A client may submit
a proof whose on-chain paid amount is anywhere in [floor, asking] and the
shim accepts it.
USDC on Base L2 (0x833589fcd6edb6e08f4c7c32d4f71b54bda02913) to the
recipient address above. Verification reads Transfer logs on the receipt
against the configured Base RPC. Real chain reads, no mocks. A single
tx_hash may only be redeemed once.
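The floor check and single-redemption rule described above, sketched as an added example (not the project's code). It assumes a receipt in the JSON-RPC `eth_getTransactionReceipt` shape; the function names, the in-memory redemption set and the sample receipt are constructed for illustration.

```javascript
// Added example, not the project's code. Receipt fields follow the JSON-RPC
// eth_getTransactionReceipt shape; names and sample data are assumptions.
const TRANSFER_TOPIC = // keccak256("Transfer(address,address,uint256)")
  "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";

// USD with <= `decimals` fractional digits -> integer base units (no floats).
function usdToUnits(amountUsd, decimals) {
  const [whole, frac = ""] = String(amountUsd).split(".");
  return BigInt(whole + frac.padEnd(decimals, "0").slice(0, decimals));
}
const topicToAddr = (t) => "0x" + t.slice(-40).toLowerCase();

function verifyPayment(envelope, receipt, redeemed) {
  const offer = envelope.payment.accepts[0];
  const floor = usdToUnits(envelope.payment.accept_min_usd, offer.decimals);
  const asking = usdToUnits(envelope.payment.amount_usd, offer.decimals);
  const txHash = receipt.transactionHash.toLowerCase();
  if (redeemed.has(txHash)) return { ok: false, reason: "already_redeemed" };
  if (receipt.status !== "0x1") return { ok: false, reason: "tx_failed" };
  let paid = 0n;
  for (const log of receipt.logs) {
    if (log.address.toLowerCase() !== offer.contract.toLowerCase()) continue;
    if (log.topics.length !== 3 || log.topics[0] !== TRANSFER_TOPIC) continue;
    if (topicToAddr(log.topics[2]) !== offer.recipient.toLowerCase()) continue;
    paid += BigInt(log.data); // Transfer value is the 32-byte data word
  }
  // The page states the accepted range as [floor, asking].
  if (paid < floor || paid > asking) {
    return { ok: false, reason: "amount_out_of_range", paid };
  }
  redeemed.add(txHash); // in a real store, enforce with a unique constraint
  return { ok: true, paid };
}

// Constructed sample data: envelope values from the page, receipt invented.
const word = (hex) => "0x" + hex.replace(/^0x/, "").padStart(64, "0");
const ENVELOPE = { payment: { amount_usd: 0.01, accept_min_usd: 0.007, accepts: [{
  contract: "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913", decimals: 6,
  recipient: "0x15184bf50b3d3f52b60434f8942b7d52f2eb436e" }] } };
function sampleReceipt(units, to = ENVELOPE.payment.accepts[0].recipient) {
  return { transactionHash: word("ab"), status: "0x1", logs: [{
    address: ENVELOPE.payment.accepts[0].contract,
    topics: [TRANSFER_TOPIC, word("0x" + "11".repeat(20)), word(to)],
    data: word(units.toString(16)) }] };
}

console.log(verifyPayment(ENVELOPE, sampleReceipt(8000n), new Set()));
```

Comparing in integer base units avoids float rounding at the floor boundary, and the redemption check runs before any log parsing so a replayed `tx_hash` is rejected early.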
| Variable | Default | Notes |
|---|---|---|
| PORT | 3000 | HTTP port. |