Yafldev
UnverifiedNPM@yafldev/mcp
D
Catalogue entry updated 2 days ago
Auth postureNot probedno remote endpoint probed yet
Tools51 Destructive · 1 Write · 3 Read
Worst categoryDestructivegrade tracks the peak, not the average
Capability mix
Destructive 1Write 1Read 3
What it can reach
Ingests untrusted inputTouches secretsReaches networkRuns codeTouches filesChanges permissionsSends external commsPersistsDeletes dataMoves money
Exfiltration pathReads content an attacker can plant and can send data outward — a prompt-injection-to-exfiltration route.
Tools 5
delete_fileupload_filedownload_fileget_statuslist_files
These definitions cost 859 tokens of context →
Change history
No change history on record for this server.
Recommended policy
delete_filedeny
upload_filerate limit
Read-only toolsallow
Full policy breakdown with enforcement rules →