C-

npm:@dealsurface/mcp-server

https://www.npmjs.com/package/@dealsurface/mcp-server
70/100 · MCP Trust Grade · checked 6h ago · MCP 0.2.0

What it offers — 9 tools · Developer Tools

list_products

List active products configured for the authenticated team. Free operation. Returns product names, descriptions, keywords, sources, and target industr

get_product

Get detailed information about a specific active product, including its keywords, sources, and target industries. Free operation. Pass include_disable

list_prospects

List assessed companies ranked by deal score for a specific product. Free operation. Returns ticker, company name, deal score (1-5 stars), and rank am

get_prospect

Get full prospect analysis for a specific company ticker and product. Free operation. Returns deal score, rank among all prospects, findings summary,

search_excerpts

Search and filter evidence excerpts from SEC filings for a specific prospect and product. Free operation. Excerpts contain direct quotes indicating in

craft_outreach

Generate outreach copy (email or LinkedIn message) grounded in prospect evidence from SEC filings. Stakeholder role data from get_dealmap enables role

get_dealmap

Get the buying committee DealMap for a prospect company. Shows stakeholders with AI-assigned roles (Economic Buyer, Decision Maker, Champion, Executiv

generate_dealmap

Generate or refresh the buying committee DealMap for a prospect. Maps the org structure and assigns stakeholder roles (Economic Buyer, Decision Maker,

override_stakeholder_role

Override the AI-assigned stakeholder role for a specific person on the buying committee DealMap. This is a team-wide override visible to all team memb

Spec / packaging20%100
Security (OWASP MCP)30%25
Maintenance / popularity20%100
Tool hygiene15%95
Transparency / provenance15%55

Findings

WARNMCP08 References sensitive file paths / environment secrets.
INFO Static analysis of npm package @dealsurface/mcp-server@0.2.0 (stdio server — no remote endpoint). Reliability/behavioral signals require running it; not measured.
Grade another server

We re-grade npm:@dealsurface/mcp-server on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — npm:@dealsurface/mcp-server grade C-
Share on X Open card image

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

MCP Trust Grade C- · wmcp.sh
[![MCP Trust Grade C-](https://wmcp.sh/mcp/grade/npm%3A%40dealsurface%2Fmcp-server/badge.svg)](https://wmcp.sh/mcp/grade/npm%3A%40dealsurface%2Fmcp-server)
<a href="https://wmcp.sh/mcp/grade/npm%3A%40dealsurface%2Fmcp-server"><img src="https://wmcp.sh/mcp/grade/npm%3A%40dealsurface%2Fmcp-server/badge.svg" alt="MCP Trust Grade C- · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust
How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.