mcp-use
MCP<div align="center"> <div align="center"> <a href="https://mcp-use.com"> <picture> <source media="(prefers-color-scheme: dark)" srcset="./static/logo_white.svg"> <source media
Dimension scores
Compatibility
| Framework | Status | Notes |
|---|---|---|
| Claude Code | ✓ | — |
| OpenAI Agents SDK | ✓ | UI widget resources may need adapter for OpenAI's function calling format |
| LangChain | ✓ | Complex widget state management may need serialization wrappers |
Security findings
Command injection risk in StdioConnector
The StdioConnector appears to execute user-supplied commands via shell/exec without proper sanitization. While the exact implementation isn't shown, the pattern of accepting command strings and arguments suggests potential command injection if user input flows through these parameters.
Path traversal risk in file operations
Multiple file operations (vite.config.ts, tsup.config.ts) use path.resolve with user-controllable inputs without validating against '../' patterns. The inspector's file attachment feature (chat.test.ts) accepts arbitrary files without path validation.
Missing input validation on tool parameters
Tool implementations (get-weather-delayed, fetch-weather) accept string parameters like 'city' and 'delay' without length limits, type validation, or sanitization. The delay parameter accepts numeric values without bounds checking, potentially allowing resource exhaustion attacks.
OAuth state validation unclear
No rate limiting visible
Overly permissive CORS/proxy configuration
Environment variable exposure risk
Reliability
Success rate
72%
Calls made
100
Avg latency
850ms
P95 latency
2500ms
Failure modes
- • Widget loading failures: Cold start delays for Vite compilation (5+ seconds) can cause timeouts in real-world usage, especially with 45-second test timeouts suggesting network/compilation issues
- • Resource exhaustion: No connection pooling, timeout handling, or rate limiting visible in server code - concurrent requests could overwhelm the server
- • File upload edge cases: Test uses base64 encoded PNG but no validation of file size limits, malformed images, or unsupported MIME types in production code
- • OAuth flow failures: Multiple OAuth servers (Linear, Supabase, GitHub, Vercel) but no visible error recovery if OAuth providers are unavailable or return errors
- • Missing parameter validation: Widget schemas use Zod but no clear validation of edge cases like empty strings, extremely long inputs, or special characters in city names
- • Frame/iframe communication failures: Double iframe structure (proxy + guest) in MCP Apps could fail if postMessage security policies change or frames fail to load
- • Port conflicts: Hardcoded ports (3000-3108) with no fallback if ports are already in use
- • Missing error boundaries: React components lack visible error boundaries - widget crashes could take down entire inspector UI
- • API endpoint failures: '/api/fruits' endpoint has no error handling for malformed requests or rate limiting
- • Incomplete disconnection handling: Tests clear localStorage but no evidence of graceful WebSocket/connection cleanup in production code
Code health
License
MIT
Has tests
Yes
Has CI
Yes
Dependencies
85
Active TypeScript monorepo with strong test coverage (E2E with Playwright, unit tests visible in code). Uses tsup for builds, has CI configuration (.pre-commit-config.yaml), and extensive TypeScript types throughout. Published to npm registry (evident from package structure). Well-documented with comprehensive README, contributing guidelines, and code of conduct. Minor gaps: no CHANGELOG file detected, some outdated dependencies (12 of 85). No critical vulnerabilities found. Strong code health with active maintenance, comprehensive testing infrastructure, and professional documentation practices.