xigua-MCP
UnverifiedREPOxiguaxiaome/xigua-mcp
F
Catalogue entry updated 2 days ago
Auth postureNot probedno remote endpoint probed yet
Tools241 Destructive · 11 Execute · 7 Write · 5 Read
Worst categoryDestructivegrade tracks the peak, not the average
Capability mix
Destructive 1Execute 11Write 7Read 5
What it can reach
Ingests untrusted inputTouches secretsReaches networkRuns codeTouches filesChanges permissionsSends external commsPersistsDeletes dataMoves money
Exfiltration pathReads content an attacker can plant and can send data outward — a prompt-injection-to-exfiltration route.
Tools 24
delete_sticky_noteclose_camera_preview_toollock_screenopen_camera_preview_toolopen_program
View all 24 tools
open_webpageplay_bilibili_videoplay_web_musicrun_commandshow_desktopturn_off_displaywake_displayadd_sticky_noteclose_all_browser_processclose_browserclose_programmodify_sticky_noteopen_notepad_with_textsend_emailget_server_statuslist_all_sticky_notessearch_sticky_notesshow_sticky_notes_htmlvision_assistant
Change history
No changes recorded since first scan. Watched servers surface a diff within the hour.
Recommended policy
delete_sticky_notedeny
close_camera_preview_toolrequire approval
add_sticky_noterate limit
Read-only toolsallow
Full policy breakdown with enforcement rules →