brin
brin

@modelcontextprotocol/sdk

npm

Is @modelcontextprotocol/sdk safe to use?

The latest brin safety scan flagged @modelcontextprotocol/sdk v1.25.3 with risk indicators that warrant review. No known CVE vulnerabilities. Trust score: 75/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

@modelcontextprotocol/sdk Has Warnings

Warnings detected due to potential concerns

warning
CVEs

0

Threats

0

Install Scripts

0

Risk Indicators

  • Can spawn child processes

brin Recommendations

  • This package has warnings detected. Evaluate the specific concerns before proceeding.

Install with brin add @modelcontextprotocol/sdk to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

@modelcontextprotocol/sdk Capabilities & Permissions

What @modelcontextprotocol/sdk can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

api.example.comdatatracker.ietf.orgexample.comgithub.comjson-schema.orgmcp-example.comopenid.netraw.githubusercontent.comspec.modelcontextprotocol.iowww.example.com
Protocols: http, https

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

MCP_AUTH_PORTMCP_CLIENT_ALGORITHMMCP_CLIENT_IDMCP_CLIENT_PRIVATE_KEY_PEMMCP_CLIENT_SECRETMCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URLMCP_PORTMCP_SERVER_URLPORT

AGENTS.md for @modelcontextprotocol/sdk

Good instructions lead to good results. brin adds @modelcontextprotocol/sdk documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

@modelcontextprotocol/sdk Documentation & Source Code

For the full @modelcontextprotocol/sdk README, API documentation, and source code, visit the official package registry.

View on npmView SourceHomepage

Frequently asked questions about @modelcontextprotocol/sdk safety

Weekly Downloads

13.5M

Version

1.25.3

License

MIT

Other Versions

1.26.0warning

Last Scanned

Feb 1, 2026

Trust Score

75/100·Legitimacy signals, not safety

Capabilities

Network

Connects to: api.example.com, datatracker.ietf.org, example.com...

Process

Spawns child processes

Environment

Accesses: MCP_AUTH_PORT, MCP_CLIENT_ALGORITHM, MCP_CLIENT_ID...