ToolProof Trust Profile

app-3dstreet-3dstreet

Meaningful risk signals. Review before team or production use.

12risk score
Review Firstconnection signal
destructive_capabilityrisk type
57evidence score
Source: https://github.com/3DStreet/3dstreet-mcp
Registry: app.3dstreet/3dstreet 0.2.2

Connection signal

Meaningful risk signals. Review before team or production use.

Observed tools

  • None observed in this static profile.

Top findings

  • Install risk pattern: unpinned_dependency — package-lock.json:11
  • Detected capability: filesystem_read — src/cli.js:15

Recommended controls

  • Install in a sandbox before team or production use.
  • Pin the exact package/repository version.
  • Review install scripts, Dockerfile behavior, and dependency pins.

Static analysis can miss behavior. This profile is an connection review signal, not production approval.