ToolProof Trust Profile

ai-packmind-mcp-server

High-impact capability. Restrict to sandbox/test resources and avoid production credentials.

100risk score
Connect With Limitsconnection signal
destructive_capabilityrisk type
43evidence score
Source: https://github.com/PackmindHub/packmind/tree/main/apps/mcp-server
Registry: ai.packmind/mcp-server 1.0.0

Connection signal

High-impact capability. Restrict to sandbox/test resources and avoid production credentials.

Observed tools

  • None observed in this static profile.

Top findings

  • References credential or secret pattern: JWT_SECRET — src/PackmindApp.ts:32
  • Detected capability: environment_access — src/PackmindApp.ts:38
  • References credential or secret pattern: DATABASE_URL — src/db.ts:18

Recommended controls

  • Install in a sandbox before team or production use.
  • Pin the exact package/repository version.
  • Review install scripts, Dockerfile behavior, and dependency pins.
  • Do not use production credentials during first install.
  • Restrict filesystem, repository, cloud, and database scope.
  • Require human approval for destructive actions.

Static analysis can miss behavior. This profile is an connection review signal, not production approval.