npm:@heyoden/mcp

Item: npm:@heyoden/mcp
Rating: 68
Author: wmcp.sh

https://www.npmjs.com/package/@heyoden/mcp

68/100 · MCP Trust Grade · checked 4h ago · MCP 1.0.2

What it offers — 17 tools · Finance & Crypto

oden_list_todos

List todos from Oden. Filter by status (pending/done) and tag ID.

oden_create_todo

Create a new todo in Oden. Use oden_list_tags to get tag IDs before creating.

oden_update_todo

Update a todo

oden_complete_todo

Mark a todo as completed by UUID.

oden_delete_todo

Delete a todo by UUID. Gets a confirm token first, then deletes.

oden_suggest_todos

Get AI-suggested focus todos for today.

oden_search_todos

Full-text search across todo titles, descriptions, and tag names.

oden_list_tags

List all tags with UUIDs, names, colors, and todo counts.

oden_create_tag

Create a new tag. Colors: amber, rose, ocean, sage, lavender, terracotta, slate, teal, coral, mint.

oden_reparent_todo

Move a todo under a parent (making it a subtask) or detach it (set parent_id to null).

oden_list_reminders

List reminders from Oden (legacy). Prefer listing todos with remindAt instead.

oden_create_reminder

Create a reminder. Prefer oden_create_todo with remind_at instead.

oden_snooze_reminder

Snooze a reminder by minutes. Prefer snoozing via todo update instead.

oden_delete_reminder

Delete a reminder by ID (legacy).

oden_get_stats

Get productivity stats: completions, streaks, most productive day.

oden_get_profile

Get user profile: name, email, plan.

oden_get_billing

Get subscription/billing status: plan, trial end, subscription status.

Spec / packaging20%100

✓ depends on an MCP SDK
✓ declares a bin entry (runnable server)
✓ 17 tool(s) detected in source

Security (OWASP MCP)30%25

⚠ references sensitive file paths / env secrets
scanned 2 source files

Maintenance / popularity20%92

published within 90 days
3 published versions

Tool hygiene15%95

✓ ships TypeScript types
2 runtime deps

Transparency / provenance15%55

no repository link
✓ MIT license

Findings

WARNMCP08 References sensitive file paths / environment secrets.

INFO Static analysis of npm package @heyoden/mcp@1.0.2 (stdio server — no remote endpoint). Reliability/behavioral signals require running it; not measured.

Grade another server

We re-grade npm:@heyoden/mcp on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — npm:@heyoden/mcp grade D

Share on X Open card image

https://wmcp.sh/mcp/grade/npm%3A%40heyoden%2Fmcp

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

Markdown (for your README)

[![MCP Trust Grade D](https://wmcp.sh/mcp/grade/npm%3A%40heyoden%2Fmcp/badge.svg)](https://wmcp.sh/mcp/grade/npm%3A%40heyoden%2Fmcp)

HTML

<a href="https://wmcp.sh/mcp/grade/npm%3A%40heyoden%2Fmcp"><img src="https://wmcp.sh/mcp/grade/npm%3A%40heyoden%2Fmcp/badge.svg" alt="MCP Trust Grade D · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust

How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.