Skip to content

Add mcp-safety-scanner CI#100

Closed
TheodorNEngoy wants to merge 1 commit intomodelcontextprotocol:mainfrom
TheodorNEngoy:codex/mcp-safety-scan
Closed

Add mcp-safety-scanner CI#100
TheodorNEngoy wants to merge 1 commit intomodelcontextprotocol:mainfrom
TheodorNEngoy:codex/mcp-safety-scan

Conversation

@TheodorNEngoy
Copy link

@TheodorNEngoy TheodorNEngoy commented Feb 6, 2026

Adds a lightweight MCP/tool-server safety scan in CI using TheodorNEngoy/mcp-safety-scanner@v0 (JS/TS/Python/Go heuristics).\n\n- Runs on PRs + pushes to main\n- Fails only on high+ severity\n- Emits GitHub annotations for findings

@TheodorNEngoy
Copy link
Author

TheodorNEngoy commented Feb 6, 2026

Note: GitHub Actions checks may not auto-run for fork PRs until a maintainer approves them. This workflow just runs TheodorNEngoy/mcp-safety-scanner@v0 with read-only access (no secrets). If you click "Approve and run" it should go green.

@jonathanhefner
Copy link
Member

jonathanhefner commented Feb 6, 2026

Thank you for the PR, but I am not comfortable accepting this into our CI workflow.

@TheodorNEngoy
Copy link
Author

TheodorNEngoy commented Feb 6, 2026

Totally understand. Could you share what specifically makes you uncomfortable (third-party Action in CI, false positives/noise, added maintenance, etc.)?\n\nIf it helps, I can change direction and either:\n- make this docs-only (no CI),\n- recommend pinning to a full semver tag or commit SHA, or\n- provide a tiny vendorable script so the repo doesn't depend on an external Action.\n\nNo worries either way, thanks for taking a look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TheodorNEngoy @jonathanhefner

Comments