43
grade D
12 days ago
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
// key findings
✅
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
✅
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 3 credentials: NEXT_PUBLIC_GOOGLE_MAPS_API_KEY, NEXT_PUBLIC_SUPABASE_ANON_KEY, PRIVATE_SUPABASE_SERVICE_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from
process.env. You'll be asked to provide them before it can run.config
NEXT_PUBLIC_COMMON_FEATURES🔐 secret
NEXT_PUBLIC_GOOGLE_MAPS_API_KEYconfig
NEXT_PUBLIC_GOOGLE_TAGconfig
NEXT_PUBLIC_POPULAR_TIERconfig
NEXT_PUBLIC_PRODUCTNAMEconfig
NEXT_PUBLIC_SSO_PROVIDERS🔐 secret
NEXT_PUBLIC_SUPABASE_ANON_KEYconfig
NEXT_PUBLIC_SUPABASE_URLconfig
NEXT_PUBLIC_THEME— Change the theme by updating the environment variable.config
NEXT_PUBLIC_TIERS_DESCRIPTIONSconfig
NEXT_PUBLIC_TIERS_FEATURESconfig
NEXT_PUBLIC_TIERS_NAMESconfig
NEXT_PUBLIC_TIERS_PRICES🔐 secret
PRIVATE_SUPABASE_SERVICE_KEY— SERVICEROLEKEY// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[](https://m8ven.ai/mcp/dansever-estait-app-924sie)commit: 8fa515af89d8be67aeccc672c520f8f2f8364b0e
code hash: cf21fea93cb3a1bc36a20ae6c305e1403691f9f0e0ae016a006bb7828cf36066
verified: 4/11/2026, 1:34:26 PM