Is Markgatcha/universal-mcp-toolkit safe to install?

Markgatcha/universal-mcp-toolkit was flagged as CRITICAL RISK (risk score 153) with 18 findings detected across 181 files. Review the findings before installing.

What security issues were found in Markgatcha/universal-mcp-toolkit?

Sigil detected 18 findings in Markgatcha/universal-mcp-toolkit, including patterns related to provenance, network_exfil, code_patterns. See the full scan report for details.

Scans/github/Markgatcha/universal-mcp-toolkit

Markgatcha/universal-mcp-toolkit

github

Summary

Markgatcha/universal-mcp-toolkit v2026-03-22 was classified as CRITICAL RISK with a risk score of 153. Sigil detected 18 findings across 181 files, covering phases including provenance, network exfiltration, code patterns. Review the findings below before installing this package.

Package description: The canonical open-source monorepo for production-ready MCP servers.

CRITICAL RISK(153)

v2026-03-22

22 March 2026, 23:50 UTC

by Sigil Bot

Risk Score

153

Findings

Files Scanned

181

Provenance

Registry

https://github.com/Markgatcha/universal-mcp-toolkit

Repository

https://github.com/Markgatcha/universal-mcp-toolkit

Scanned From

https://github.com/Markgatcha/universal-mcp-toolkit.git

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/github/Markgatcha/universal-mcp-toolkit)](https://sigilsec.ai/scans/3328F8CB-0705-4FE6-B8D8-16107CD32330)

HTML

<a href="https://sigilsec.ai/scans/3328F8CB-0705-4FE6-B8D8-16107CD32330"><img src="https://sigilsec.ai/badge/github/Markgatcha/universal-mcp-toolkit" alt="Sigil Scan"></a>

Run This Scan Yourself