grade C

11 days ago

glama

Mund

MCP security scanner for AI agents - detects prompt injection, secrets, PII, and vets MCP servers before installation

→ Tyox-all/Weave_Protocol · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

43 tools verified — handlers match their declared behaviour

6 read-only tools verified — handlers contain no write/delete/exec

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 7 credentials: HORD_MASTER_KEY, HORD_MUND_API_KEY, HORD_USE_HARDWARE_KEY, MUND_API_KEY, MUND_EMAIL_SMTP_PASS, WEAVE_API_KEY, WEAVE_SIGNING_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configHORD_ATTESTATION_CERT_FILE

configHORD_ATTESTATION_KEY_FILE

configHORD_CHAIN_ATTESTATIONS

configHORD_DATABASE_URL

configHORD_HOST

configHORD_KEY_ROTATION_DAYS

configHORD_LOG_LEVEL

🔐 secretHORD_MASTER_KEY

configHORD_MASTER_KEY_FILE

🔐 secretHORD_MUND_API_KEY

configHORD_MUND_URL

configHORD_PORT

configHORD_SANDBOX_IMAGE

configHORD_SANDBOX_MEMORY_MB

configHORD_SANDBOX_RUNTIME

configHORD_SANDBOX_TIMEOUT_MS

configHORD_STORAGE

configHORD_TRANSPORT

🔐 secretHORD_USE_HARDWARE_KEY

🔐 secretMUND_API_KEY

configMUND_BLOCK_MODE

configMUND_DATABASE_URL

configMUND_EMAIL_FROM

configMUND_EMAIL_MIN_SEVERITY

configMUND_EMAIL_SMTP_HOST

🔐 secretMUND_EMAIL_SMTP_PASS

configMUND_EMAIL_SMTP_PORT

configMUND_EMAIL_SMTP_SECURE

configMUND_EMAIL_SMTP_USER

configMUND_EMAIL_TO

configMUND_HOST

configMUND_LOG_LEVEL

configMUND_PORT

configMUND_SLACK_CHANNEL

configMUND_SLACK_EMOJI

configMUND_SLACK_MIN_SEVERITY

configMUND_SLACK_USERNAME

configMUND_SLACK_WEBHOOK

configMUND_STORAGE

configMUND_TEAMS_MIN_SEVERITY

configMUND_TEAMS_WEBHOOK

configMUND_TRANSPORT

configMUND_WEBHOOK_HEADERS

configMUND_WEBHOOK_MIN_SEVERITY

configMUND_WEBHOOK_URL

🔐 secretWEAVE_API_KEY

configWEAVE_CORS_ORIGIN

configWEAVE_PORT

configWEAVE_RATE_LIMIT

🔐 secretWEAVE_SIGNING_KEY

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/tyox-all-weave-protocol-1jwtua)](https://m8ven.ai/mcp/tyox-all-weave-protocol-1jwtua)

commit: 6c82206d876317b605f1ffb342f56e7234ec621f

code hash: 721ca1564419fc4282bbc2dffdb435b5f478a2c0bb1a354bde8a71decadc60ab

verified: 4/11/2026, 2:41:05 PM

view raw JSON →