UFO icon indicating copy to clipboard operation
UFO copied to clipboard
verified publisher icon microsoft

Add MseeP.ai badge

Open lwsinclair opened this issue 1 month ago • 0 comments

Hi there,

This pull request shares a security update on UFO.

We also have an entry for UFO in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of UFO.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/microsoft-ufo.

Yours Sincerely,

Lawrence W. Sinclair CEO/SkyDeck AI Founder of MseeP.ai MCP servers you can trust

MseeP.ai Security Assessment Badge

Here are our latest evaluation results of UFO

Security Scan Results

Security Score: 60/100

Risk Level: high

Scan Date: 2025-11-10

Score starts at 100, deducts points for security issues, and adds points for security best practices

Security Findings

Medium Severity Issues

  • semgrep: Use of subprocess with shell=True detected. This can be dangerous if used with untrusted input.

    • Location: ufo/automator/app_apis/shell/shell_client.py
    • Line: 43

  • semgrep: Use of subprocess with shell=True detected. This can be dangerous if used with untrusted input.

    • Location: ufo/client/mcp/local_servers/cli_mcp_server.py
    • Line: 48

  • ... and 117 more medium severity issues

Low Severity Issues

  • semgrep: Use of base64 decoding detected. This might indicate obfuscated code.
  • ... and 3 more low severity issues

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.

lwsinclair avatar Nov 10 '25 19:11 lwsinclair