ToolProof Trust Profile

ai-mcpcap-mcpcap

Meaningful risk signals. Review before team or production use.

20risk score
Review Firstconnection signal
destructive_capabilityrisk type
71evidence score
Source: https://github.com/mcpcap/mcpcap
Registry: ai.mcpcap/mcpcap 0.9.6

Connection signal

Meaningful risk signals. Review before team or production use.

Observed tools

  • None observed in this static profile.

Top findings

  • Detected capability: filesystem_write_delete — src/mcpcap/modules/base.py:70
  • Install risk pattern: unpinned_dependency — Dockerfile:28
  • Detected capability: network_egress — src/mcpcap/modules/base.py:119

Recommended controls

  • Install in a sandbox before team or production use.
  • Pin the exact package/repository version.
  • Review install scripts, Dockerfile behavior, and dependency pins.

Static analysis can miss behavior. This profile is an connection review signal, not production approval.