operant-mcp

A comprehensive security testing MCP server providing 51 tools for penetration testing, network forensics, memory analysis, and vulnerability assessment. It enables automated security audits and technical investigations across web applications, cloud environments, and network captures.

→ operantlabs/operant-mcp · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Code appears obfuscated

1 file are unreadable to a human reviewer. Cannot audit what they do.

⚠️

Tool descriptions don’t match what handlers do

3 tools describe read intent but their handlers mutate — file_upload_test (line 105: fs.writeFileSync(tmpPath, content, "utf-8")); pcap_http_objects (line 163: fs.mkdirSync(output_dir, { recursive: true })); param_discover (line 253: unlink(outputFile))

⚠️

Known vulnerabilities in dependencies: 3 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configMCP_HTTP

configPORT

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 10 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/operantlabs-operant-mcp-88xked)](https://m8ven.ai/mcp/operantlabs-operant-mcp-88xked)

commit: 448fa631788b39314c86ab4495e7115ba988377b

code hash: 656e9767da57194c34338c75e3a050be0c421b0bc9519f0fd6d4937d1abaa544

verified: 4/18/2026, 3:48:57 PM

view raw JSON →