Skip to content

Add MseeP.ai badge#454

Open
mseep-ai wants to merge 1 commit into
repowise-dev:mainfrom
mseep-ai:add-mseep-badge
Open

Add MseeP.ai badge#454
mseep-ai wants to merge 1 commit into
repowise-dev:mainfrom
mseep-ai:add-mseep-badge

Conversation

@mseep-ai

@mseep-ai mseep-ai commented Jun 11, 2026

Copy link
Copy Markdown

Hi there,

This pull request shares a security update on repowise.

We also have an entry for repowise in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of repowise.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/repowise-dev-repowise.

Thanks,

The MseeP Team
MCP servers you can trust

MseeP.ai Security Assessment Badge

Here are our latest evaluation results of repowise

Security Scan Results

Security Score: 80/100

Risk Level: moderate

Scan Date: 2026-06-11

Score starts at 100, deducts points for security issues, and adds points for security best practices

Detected Vulnerabilities

Medium Severity

  • brace-expansion

    • [{'source': 1120311, 'name': 'brace-expansion', 'dependency': 'brace-expansion', 'title': 'brace-expansion: Large numeric range defeats documented max DoS protection', 'url': 'https://github.com/advisories/GHSA-jxxr-4gwj-5jf2', 'severity': 'moderate', 'cwe': ['CWE-400'], 'cvss': {'score': 6.5, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}, 'range': '>=5.0.0 <5.0.6'}]
    • Fixed in version: unknown

  • postcss

    • [{'source': 1117015, 'name': 'postcss', 'dependency': 'postcss', 'title': 'PostCSS has XSS via Unescaped </style> in its CSS Stringify Output', 'url': 'https://github.com/advisories/GHSA-qx2v-qp2m-jg93', 'severity': 'moderate', 'cwe': ['CWE-79'], 'cvss': {'score': 6.1, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}, 'range': '<8.5.10'}]
    • Fixed in version: unknown

  • uuid

    • [{'source': 1119441, 'name': 'uuid', 'dependency': 'uuid', 'title': 'uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided', 'url': 'https://github.com/advisories/GHSA-w5hq-g745-h8pq', 'severity': 'moderate', 'cwe': ['CWE-787', 'CWE-1285'], 'cvss': {'score': 7.5, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}, 'range': '<11.1.1'}]
    • Fixed in version: unknown

  • ... and 2 more medium severity vulnerabilities

Security Findings

Medium Severity Issues

  • semgrep: Use of subprocess with shell=True detected. This can be dangerous if used with untrusted input.

    • Location: packages/cli/src/repowise/cli/commands/distill_cmd.py
    • Line: 55

  • semgrep: Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For complex SQL composition, use SQL Expression Language or Schema Definition Language. In most cases, SQLAlchemy ORM will be a better option.

    • Location: packages/core/src/repowise/core/distill/tracking.py
    • Line: 200

  • ... and 1 more medium severity issues

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RaghavChamadiya RaghavChamadiya Awaiting requested review from RaghavChamadiya RaghavChamadiya is a code owner

@swati510 swati510 Awaiting requested review from swati510 swati510 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mseep-ai