Mattermost

Unverified
NPM@conarti/mattermost-mcp
CRisk gradenotable
Catalogue entry updated 7 days ago
Auth postureNot probedno remote endpoint probed yet
Tools91 Execute · 3 Write · 5 Read
Worst categoryExecutegrade tracks the peak, not the average
Capability mix
Execute 1Write 3Read 5
What it can reach
Ingests untrusted inputTouches secretsReaches networkRuns codeTouches filesChanges permissionsSends external commsPersistsDeletes dataMoves money
Exfiltration pathReads content an attacker can plant and can send data outward — a prompt-injection-to-exfiltration route.
Change history
No changes recorded since first scan. Watched servers surface a diff within the hour.
Recommended policy
mattermost_run_monitoringrequire approval
mattermost_add_reactionrate limit
Read-only toolsallow
Full policy breakdown with enforcement rules →
DIRECT INSTALL npx -y @conarti/mattermost-mcp

Installed this way, nothing enforces the recommended policy above — calls run exactly as the agent makes them.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.