Is zorak1103/ha-mcp safe to install?

zorak1103/ha-mcp was flagged as CRITICAL RISK (risk score 53) with 9 findings detected across 241 files. Review the findings before installing.

What security issues were found in zorak1103/ha-mcp?

Sigil detected 9 findings in zorak1103/ha-mcp, including patterns related to provenance, network_exfil. See the full scan report for details.

Scans/github/zorak1103/ha-mcp

zorak1103/ha-mcp

github

Summary

zorak1103/ha-mcp v2026-03-23 was classified as CRITICAL RISK with a risk score of 53. Sigil detected 9 findings across 241 files, covering phases including provenance, network exfiltration. Review the findings below before installing this package.

Package description: A Model Context Protocol (MCP) server that provides AI assistants with access to Home Assistant, enabling smart home control and automation management.

CRITICAL RISK(53)

v2026-03-23

23 March 2026, 11:47 UTC

by Sigil Bot

Risk Score

Findings

Files Scanned

241

Provenance

Registry

https://github.com/zorak1103/ha-mcp

Repository

https://github.com/zorak1103/ha-mcp

Scanned From

https://github.com/zorak1103/ha-mcp.git

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/github/zorak1103/ha-mcp)](https://sigilsec.ai/scans/6248B1FE-2943-4DE9-96B6-0166277E3AF7)

HTML

<a href="https://sigilsec.ai/scans/6248B1FE-2943-4DE9-96B6-0166277E3AF7"><img src="https://sigilsec.ai/badge/github/zorak1103/ha-mcp" alt="Sigil Scan"></a>

Run This Scan Yourself