npm:@nl4ever/sshmcp

Item: npm:@nl4ever/sshmcp
Rating: 75
Author: wmcp.sh

https://www.npmjs.com/package/@nl4ever/sshmcp

75/100 · MCP Trust Grade · checked 4h ago · MCP 2.2.3

What it offers — 21 tools · Finance & Crypto

list_servers

List all configured servers and active connections

get_server

View server configuration details

connect

Manually connect to server (usually not needed, tools auto-connect)

quick_connect

Temporary server connection (not saved). Returns host:port as server_id for subsequent operations

disconnect

Disconnect from server

test_connection

Test server connectivity (does not affect existing connections)

execute

Execute shell command on remote server

write_file

Write content to remote file (overwrite)

read_file

Read remote file content (supports line range, suitable for logs and config files)

upload_file

Upload local file to remote server (path-based, zero token cost. Use async mode for large files)

upload_directory

Upload local directory to remote server (auto compress, transfer, and extract. Use async for large dirs)

download_file

Download file from remote server (use async mode for large files)

download_directory

Download remote directory (remote compress → download → local extract. Use async for large dirs)

transfer_status

Check background transfer task progress (use with async_transfer=true)

add_server

Add or update server configuration

update_server

Update server configuration (only pass fields to change, rest unchanged)

delete_server

Delete server configuration

rename_server

Rename server ID (alias)

+3 more tools

Spec / packaging20%100

✓ depends on an MCP SDK
✓ declares a bin entry (runnable server)
✓ 21 tool(s) detected in source

Security (OWASP MCP)30%25

⚠ references sensitive file paths / env secrets
uses eval/exec/child_process (review for unsanitized input)
scanned 4 source files

Maintenance / popularity20%100

published within 90 days
16 published versions

Tool hygiene15%95

✓ ships TypeScript types
4 runtime deps

Transparency / provenance15%90

✓ public repository linked
✓ MIT license

Findings

WARNMCP08 References sensitive file paths / environment secrets.

INFO Static analysis of npm package @nl4ever/sshmcp@2.2.3 (stdio server — no remote endpoint). Reliability/behavioral signals require running it; not measured.

Grade another server

We re-grade npm:@nl4ever/sshmcp on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — npm:@nl4ever/sshmcp grade C

Share on X Open card image

https://wmcp.sh/mcp/grade/npm%3A%40nl4ever%2Fsshmcp

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

Markdown (for your README)

[![MCP Trust Grade C](https://wmcp.sh/mcp/grade/npm%3A%40nl4ever%2Fsshmcp/badge.svg)](https://wmcp.sh/mcp/grade/npm%3A%40nl4ever%2Fsshmcp)

HTML

<a href="https://wmcp.sh/mcp/grade/npm%3A%40nl4ever%2Fsshmcp"><img src="https://wmcp.sh/mcp/grade/npm%3A%40nl4ever%2Fsshmcp/badge.svg" alt="MCP Trust Grade C · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust

How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.