74
/ 100
1 month ago
pulsemcp

Cenogram

Search and analyze 7M+ verified real estate transactions from Poland's official RCN registry.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Known vulnerabilities in dependencies: 2 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
9 tools verified — handlers match their declared behaviour
9 read-only tools verified — handlers contain no write/delete/exec
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 3 credentials: CENOGRAM_API_KEY, INTERNAL_AUTH_SECRET, OAUTH_JWT_PUBLIC_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies2 high3 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

highundici@5.29.0GHSA-v9p9-hfj2-hcw8

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

highundici@5.29.0GHSA-vrm6-8vpv-qv8q

Undici has Unbounded Memory Consumption in WebSocket permessage-deflate Decompression

lowundici@5.29.0GHSA-2mjp-6q6p-2qxm

Undici has an HTTP Request/Response Smuggling issue

lowundici@5.29.0GHSA-4992-7rv2-5pvq

Undici has CRLF Injection in undici via `upgrade` option

lowundici@5.29.0GHSA-g9mf-h72j-4rw9

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretCENOGRAM_API_KEY"": "YOUR_API_KEY"
configCENOGRAM_API_URLNo https://cenogram.pl API base URL
configCENOGRAM_CLIENT_IDNo auto-generated Persistent client identifier
🔐 secretINTERNAL_AUTH_SECRET
configMCP_PORTNo 3002 HTTP server port (HTTP mode only)
configMCP_TRANSPORTNo stdio Set to http for Streamable HTTP mode
configOAUTH_JWT_KID
🔐 secretOAUTH_JWT_PUBLIC_KEY
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/cenogram-mcp-server-ne2j2c)](https://m8ven.ai/mcp/cenogram-mcp-server-ne2j2c)
commit: e5128fe6057a59111dc0cec9ed99bf822a9998f4
code hash: 070f18b5805918e8e55493fc9aed89c9b5387ee65fa4f84e2e4e803504937912
verified: 6/9/2026, 11:25:50 AM
view raw JSON →