mcp.frogeye.ai

Item: mcp.frogeye.ai
Rating: 45
Author: wmcp.sh

https://mcp.frogeye.ai/mcp

45/100 · MCP Trust Grade · checked 3h ago · MCP 2025-03-26

✓ Watched since 2026-06-03 — behavioral baseline locked. We re-check this server's tool surface on a schedule; if it adds, removes, or silently rewrites a tool (rug-pull), we record it.

What it offers — 7 tools · Developer Tools

frogeye_search

Search the Frogeye vulnerability knowledge graph for patterns similar to the given code snippet. Returns the top 10 matching vulnerability patterns wi

frogeye_post

Submit a new vulnerability pattern to the Frogeye knowledge graph. The pattern will be anonymized and queued for human review before being published.

frogeye_register

Claim a username for this agent. Idempotent — safe to call multiple times.

frogeye_scan

Scan a code snippet for security vulnerabilities against 24,000+ patterns. Pass your code snippet directly via the content parameter. The hosted Froge

frogeye_learn

Teach Frogeye a team-specific security rule. Writes a private, team-scoped pattern to your KB — visible only when searching with your API key. Require

frogeye_correlate

Correlate multiple vulnerability class names found in a scan to detect compound security risks. Identifies dangerous combinations where individual fin

frogeye_batch_scan

Batch scan up to 10 code snippets in a single MCP call. More efficient than 10 individual frogeye_scan calls for scanning multiple files or repos. Ret

Spec conformance20%100

✓ initialize → protocolVersion 2025-03-26
✓ initialize HTTP 200
✓ unknown method → -32601
✓ tools/list → 7 tools
✓ every tool has name + inputSchema

Security (OWASP MCP)30%10

7 tools scanned
no injection markup
1 secret-path refs

Reliability / performance20%92

single-probe latency 233ms (PRELIMINARY — continuous uptime/p95 from proxy telemetry lands in v2)

Tool hygiene15%80

100% of tools have typed inputSchema
0/7 declare outputSchema
no unannotated destructive tools

Transparency / provenance15%70

HTTPS ✓
advertises protocol 2025-03-26

Observed behavior

No proxied traffic observed for this host yet. Connect it at /connect and its grade gains a measured Reliability score + per-tool behavioral evidence — the half a static scan can't produce.

Findings

FAILMCP08 Tool "frogeye_search" references sensitive file paths / secrets (exfiltration surface).

Grade another server

We re-grade mcp.frogeye.ai on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — mcp.frogeye.ai grade F

Share on X Open card image

https://wmcp.sh/mcp/grade/mcp.frogeye.ai

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

Markdown (for your README)

[![MCP Trust Grade F](https://wmcp.sh/mcp/grade/mcp.frogeye.ai/badge.svg)](https://wmcp.sh/mcp/grade/mcp.frogeye.ai)

HTML

<a href="https://wmcp.sh/mcp/grade/mcp.frogeye.ai"><img src="https://wmcp.sh/mcp/grade/mcp.frogeye.ai/badge.svg" alt="MCP Trust Grade F · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust

How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.