62
grade C
3 days ago
mcp_so
jellyfish-mcp: A Jellyfish MCP Server
Jellyfish MCP server
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
// key findings
🚨
Secret credentials may flow to a network call
1 flow detected: HUGGINGFACE_API_TOKEN. We can’t prove the destination matches the brand the credential belongs to.
⚠️
Known vulnerabilities in dependencies: 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 2 credentials: HUGGINGFACE_API_TOKEN, JELLYFISH_API_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from
process.env. You'll be asked to provide them before it can run.🔐 secret
HUGGINGFACE_API_TOKEN— Your Hugging Face API token. If not provided, PromptGuard is disabled and data is always returned. No -🔐 secret
JELLYFISH_API_TOKEN— Your Jellyfish API token. Yes -config
MODEL_AVAILABILITY— claude mcp add --transport stdio jellyfish-mcp -- docker run -i --rm --pull always -e JELLYFISH_API_TOKEN -e HUGGINGFACE_API_TOKEN -e -e MODEL_TIMEOUT jellyfishco/jellyfish-mcp:latestconfig
MODEL_TIMEOUT— How long to wait for the PromptGuard model to respond, in seconds. No 10// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[](https://m8ven.ai/mcp/jellyfish-ai-jellyfish-mcp-13p80a)commit: 17dbf57ad7fe9fcad19a0fefefeddb3fa767f8ca
code hash: 2e2b6c25de0b6924756cb4cbc5c8f2153f3976705010e8894c33b172c249b220
verified: 4/18/2026, 7:13:53 PM