Zulip MCP Server
UnverifiedREPOprixite/zulip-mcp
D
Catalogue entry updated 3 days ago
Auth postureNot probedno remote endpoint probed yet
Tools171 Destructive · 10 Write · 6 Read
Worst categoryDestructivegrade tracks the peak, not the average
Capability mix
Destructive 1Write 10Read 6
What it can reach
Ingests untrusted inputTouches secretsReaches networkRuns codeTouches filesChanges permissionsSends external commsPersistsDeletes dataMoves money
Exfiltration pathReads content an attacker can plant and can send data outward — a prompt-injection-to-exfiltration route.
Tools 17
zulip_delete_messagezulip_add_reactionzulip_create_streamzulip_mark_messages_as_readzulip_remove_reaction
Change history
No changes recorded since first scan. Watched servers surface a diff within the hour.
Recommended policy
zulip_delete_messagedeny
zulip_add_reactionrate limit
Read-only toolsallow
Full policy breakdown with enforcement rules →