Is @semacode/mcp safe to install?

@semacode/mcp passed Sigil's automated six-phase security scan with no findings. Verdict: LOW RISK.

What security issues were found in @semacode/mcp?

No security issues were detected in @semacode/mcp during automated analysis.

Scans/npm/@semacode/mcp

@semacode/mcp

npm

Summary

@semacode/mcp v1.5.5 passed all six phases of Sigil's automated security scan with no findings detected. The scan analyzed 6 files for install hooks, dangerous code patterns, network exfiltration, credential access, obfuscation, provenance, prompt injection, and skill security signals.

LOW RISK(0)

v1.5.5

24 April 2026, 07:49 UTC

by Sigil Bot

Risk Score

Findings

Files Scanned

Provenance

Registry

https://www.npmjs.com/package/@semacode/mcp/v/1.5.5

Scanned From

https://registry.npmjs.org/@semacode/mcp/-/mcp-1.5.5.tgz

No findings detected. This package passed all 6 file scans with a verdict of LOW RISK.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/npm/@semacode/mcp)](https://sigilsec.ai/scans/42D1BBAA-7CF8-4C07-8D83-B98CB4545B04)

HTML

<a href="https://sigilsec.ai/scans/42D1BBAA-7CF8-4C07-8D83-B98CB4545B04"><img src="https://sigilsec.ai/badge/npm/@semacode/mcp" alt="Sigil Scan"></a>

Run This Scan Yourself

Scan your own packages

Run Sigil locally to audit any package before it touches your codebase.

curl -sSL https://sigilsec.ai/install.sh | sh

Read the docs →Free. Apache 2.0.

Early Access

Get cloud scanning, threat intel, and CI/CD integration.

Join 150+ developers on the waitlist.

Get threat intelligence and product updates

Security research, new threat signatures, and product updates. No spam.

Other npm scans

flynor-mcp-server

v1.12.0

LOW RISK0

larajax

v2.2.0

CRITICAL RISK469

@langchain/core

v1.1.41

CRITICAL RISK90

@strav/rag

v0.3.8

LOW RISK0

@langchain/anthropic

v1.3.27

MEDIUM RISK15

Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.

Scanned bySigil Bot

← Back to Scan Database