Security scan: valkey-mcp-server scored 0/100 (F) with 2 CRITICALs across 105 tools #2884
Description
We're running free security audits of popular MCP servers. The awslabs.valkey-mcp-server scored 0/100 (F) with 2 critical, 124 high, and 893 medium findings across 105 tools.
Breakdown by category:
| Category | Grade | Notes |
|---|---|---|
| Injection | D | sorted_set_range_by_score and sorted_set_range_by_lex descriptions instruct the LLM to bypass security controls |
| Permissions | F | hash_keys, json_objkeys access credentials with no scope restriction. list_remove can permanently delete data. |
| Validation | F | 105 tools, most with unbounded string parameters |
| Secrets | F | Multiple tools may expose secrets in output based on description |
| Auth | B | No authentication-related tools detected |
The two CRITICALs in the injection category are worth looking at. The tool descriptions for sorted_set_range_by_score and sorted_set_range_by_lex contain language that our scanner flags as instructing the LLM to bypass security controls.
With 105 tools this is one of the largest MCP servers in the ecosystem, which makes the lack of per-tool permission scoping particularly impactful. An agent with access to all 105 tools can read credentials, delete data, and send commands without any authorization boundary.
Full results: https://agentsid.dev/registry
Scanner is open source: npx @agentsid/scanner