Back to MCP Trust Indexm8ven
29
grade F
14 days ago
pulsemcp

ArcAgent

Connects AI agents to the ArcAgent bounty marketplace for discovering, claiming, and completing coding tasks with escrowed rewards and zero-trust verification.

araujota/arcagent· listed on pulsemcp

Install from

PulseMCPGlama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Secret credentials may flow to a network call
2 flows detected: WORKER_SHARED_SECRET. We can’t prove the destination matches the brand the credential belongs to.
⚠️
Known vulnerabilities in dependencies: 1 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 22 credentials: ANTHROPIC_API_KEY, AWS_SECRET_ACCESS_KEY, BITBUCKET_APP_PASSWORD, BITBUCKET_FALLBACK_APP_PASSWORD, BITBUCKET_WEBHOOK_SECRET, CLERK_WEBHOOK_SECRET, GITHUB_API_TOKEN, GITHUB_APP_PRIVATE_KEY, GITHUB_WEBHOOK_SECRET, GITLAB_API_TOKEN, GITLAB_FALLBACK_API_TOKEN, GITLAB_WEBHOOK_SECRET, MCP_AUDIT_LOG_TOKEN, MCP_SHARED_SECRET, OPENAI_API_KEY, PROVIDER_TOKEN_ENCRYPTION_KEY, RESEND_API_KEY, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, VOYAGE_AI_API_KEY, WORKER_SHARED_SECRET, WORKER_TOKEN_SIGNING_SECRET
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretANTHROPIC_API_KEYConvex AI test generation pipeline
configAPP_BASE_URL
configAPP_URL
configATTEMPT_WORKER_AWS_REGION
configATTEMPT_WORKER_BASE_DOMAIN
configATTEMPT_WORKER_BOOT_LOG_LINES
configATTEMPT_WORKER_DNS_TTL
configATTEMPT_WORKER_EXECUTION_BACKEND
configATTEMPT_WORKER_HEALTH_POLL_MS
configATTEMPT_WORKER_HEALTH_TIMEOUT_MS
configATTEMPT_WORKER_INSTANCE_TYPE
configATTEMPT_WORKER_KEY_NAME
configATTEMPT_WORKER_LAUNCH_TEMPLATE_ID
configATTEMPT_WORKER_LAUNCH_TEMPLATE_NAME
configATTEMPT_WORKER_PUBLIC_PORT
configATTEMPT_WORKER_PUBLIC_PROTOCOL
configATTEMPT_WORKER_ROUTE53_ZONE_ID
configATTEMPT_WORKER_SECURITY_GROUP_IDS
configATTEMPT_WORKER_SUBNET_ID
configAWS_ACCESS_KEY_ID
configAWS_REGION
🔐 secretAWS_SECRET_ACCESS_KEY
🔐 secretBITBUCKET_APP_PASSWORD
🔐 secretBITBUCKET_FALLBACK_APP_PASSWORD
configBITBUCKET_FALLBACK_USERNAME
configBITBUCKET_USERNAME
🔐 secretBITBUCKET_WEBHOOK_SECRET
configCLERK_JWT_ISSUER_DOMAIN
🔐 secretCLERK_WEBHOOK_SECRET
configCONVEX_HTTP_ACTIONS_URL
configCONVEX_URL
configENABLE_REPO_CONTEXT_FILES
configENHANCED_REQUIREMENTS_MODEL
🔐 secretGITHUB_API_TOKENConvex + Worker Repo indexing and cloning
configGITHUB_APP_ID+ GITHUB_APP_PRIVATE_KEY Convex + Worker GitHub App installation-token auth for per-repo clone/PR flows
🔐 secretGITHUB_APP_PRIVATE_KEYGITHUB_APP_ID + Convex + Worker GitHub App installation-token auth for per-repo clone/PR flows
🔐 secretGITHUB_WEBHOOK_SECRET
🔐 secretGITLAB_API_TOKEN
🔐 secretGITLAB_FALLBACK_API_TOKEN
🔐 secretGITLAB_WEBHOOK_SECRET
configLLM_MODEL
configLLM_PROVIDER
🔐 secretMCP_AUDIT_LOG_TOKENConvex + Hosted MCP Auth token for MCP log ingestion into Convex (/api/mcp/logs/ingest)
🔐 secretMCP_SHARED_SECRET
🔐 secretOPENAI_API_KEY
🔐 secretPROVIDER_TOKEN_ENCRYPTION_KEY
🔐 secretRESEND_API_KEY
🔐 secretSTRIPE_SECRET_KEYConvex Escrow charges and Connect payouts
🔐 secretSTRIPE_WEBHOOK_SECRET
configTEST_BOUNTY_COMMIT_SHA
configTEST_BOUNTY_CREATOR_CLERK_ID
configTEST_BOUNTY_CREATOR_EMAIL
configTEST_BOUNTY_CREATOR_NAME
configTEST_BOUNTY_DEFAULT_BRANCH
configTEST_BOUNTY_REPOSITORY_URL
🔐 secretVOYAGE_AI_API_KEY
configWAITLIST_FROM_EMAIL
configWAITLIST_NOTIFY_EMAIL
configWEBHOOK_REPLAY_TTL_SECONDS
configWORKER_API_URL
🔐 secretWORKER_SHARED_SECRETMCP Tooling — 26 core tools are always available; 17 workspace tools are enabled when is configured; register_account is available for self-serve onboarding.
🔐 secretWORKER_TOKEN_SIGNING_SECRET
configWORKSPACE_ISOLATION_MODE
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/araujota-arcagent-159ydw)](https://m8ven.ai/mcp/araujota-arcagent-159ydw)
commit: 0c75f27512a7257901fe09eed8c78ae23133ec5b
code hash: 42d256922ccc8c47576546ffbfbb71c07536936b5945cc9d15a19b3ae5fbc410
verified: 4/11/2026, 2:06:52 PM
view raw JSON →