C-

npm:@floomhq/mcp-server

https://www.npmjs.com/package/@floomhq/mcp-server
72/100 · MCP Trust Grade · checked 2h ago · MCP 0.1.8

What it offers — 30 tools · Developer Tools

deploy

Deploy Python code to Floom and get a usable URL. Accepts raw Python source or a base64-encoded ZIP. Optionally include a floom.yaml config to declare

run

Execute an action on a deployed Floom app. Returns the function output as JSON. Preferred: use app_slug + action for simple invocation. Alternative: u

list_projects

List all deployed Floom projects.

get_project

Get details for a Floom project including endpoint schemas and input parameters. Use this before calling run to see what inputs an endpoint expects.

manage_secrets

Manage persistent secrets (API keys, tokens) for a Floom project. Available across all runs. Supports list, set, and delete operations. For one-time s

get_logs

Get recent run logs for a Floom project.

list_versions

List all versions of a Floom project. Shows which version is dev (latest deploy) and which is prod (promoted).

promote

Promote a version to production. By default promotes the current dev version. Runs a health check; auto-rolls back if the check fails.

rollback

Rollback production to a previous version.

storage_set

Store a persistent key-value pair for a Floom project. Values persist across runs and deploys.

storage_get

Retrieve a stored value for a Floom project.

storage_delete

Delete a stored value for a Floom project.

storage_list

List all stored keys for a Floom project with usage info.

create_share_link

Create a public share link for a Floom endpoint. Share links allow anyone to run the endpoint without authentication.

list_share_links

List all share links for a Floom project.

disable_share_link

Disable a share link for a Floom project. The link will no longer be accessible.

fetch_context

Fetch external data from a URL and attach it as context to a Floom project. Context data enhances AI-powered endpoints.

list_contexts

List all context entries for a Floom project.

+12 more tools

Spec / packaging20%100
Security (OWASP MCP)30%25
Maintenance / popularity20%100
Tool hygiene15%70
Transparency / provenance15%90

Findings

WARNMCP08 References sensitive file paths / environment secrets.
INFO Static analysis of npm package @floomhq/mcp-server@0.1.8 (stdio server — no remote endpoint). Reliability/behavioral signals require running it; not measured.
Grade another server

We re-grade npm:@floomhq/mcp-server on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — npm:@floomhq/mcp-server grade C-
Share on X Open card image

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

MCP Trust Grade C- · wmcp.sh
[![MCP Trust Grade C-](https://wmcp.sh/mcp/grade/npm%3A%40floomhq%2Fmcp-server/badge.svg)](https://wmcp.sh/mcp/grade/npm%3A%40floomhq%2Fmcp-server)
<a href="https://wmcp.sh/mcp/grade/npm%3A%40floomhq%2Fmcp-server"><img src="https://wmcp.sh/mcp/grade/npm%3A%40floomhq%2Fmcp-server/badge.svg" alt="MCP Trust Grade C- · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust
How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.