Is Mcp Context Forge safe to use?

Mcp Context Forge is rated NOT_RECOMMENDED by SpiderRating. Mcp Context Forge is not recommended — low score (2.0/10) with 24 critical issues.

What are the security risks of Mcp Context Forge?

Key risk flags: sql_injection (critical), command_injection (critical), path_traversal (high). Overall security score: 7.6/10 with 24 critical issues.

Are there safer alternatives to Mcp Context Forge?

Similar tools include: bilelmoussaoui/gnome-mcp-server, cookjohn/zotero-mcp, yoavf/ai-sessions-mcp. View full comparison at spiderrating.com.

Mcp Context Forge

IBM/mcp-context-forgeApache-2.0⭐ 3,456🔧 78 tools

F2.0SpiderScore (registry)

Use cases:code-execution api-integration kb-memory

⚠ Hard constraint applied: critical vulnerability

Decision

Not Recommended

Confidence

90%

Mcp Context Forge is not recommended — low score (2.0/10) with 24 critical issues.

Recommended Actions

high
Run In Container
24 critical vulnerabilities require isolation
high
Limit Permissions
Restrict tool access to minimum required scope

Do Not

✗running in production without container isolation
✗exposing this tool to untrusted input
✗using for security-sensitive tasks

Risk Flags (7)

critical
sql_injection×3
SQL injection â€” .execute() called with f-string (user input may reach query)
critical
command_injection
Command injection risk â€” subprocess called with shell=True and non-literal command
high
path_traversal×3
Tainted path traversal â€” user-controlled path flows to file operation without validation
high
token_leakage×9
Secret or token may be leaked through error messages, logs, or return values
medium
ssrf×2
Potential SSRF -- unrestricted network requests with user-controlled URLs
medium
timing_attack_comparison
Secret compared with == operator -- timing side-channel may leak value length
medium
input_reflection
User input reflected directly in tool output -- may enable prompt injection via reflection

How This Was Decided

negativew=0.5Overall quality score = 2.0/10 (grade F)
negativew=0.824 critical security issue(s) detected
negativew=0.5494 high-severity issue(s) detected
negativew=0.3Tool description clarity score = 2.0/10

Source: SpiderRating automated security scanUpdated: 2026-03-21Protocol: v1.1

Description Quality

Composite: 2.0 / 10

3-Layer Breakdown

Description (38%)

2.0

Security (34%)

7.6

Metadata (28%)

9.4

Description Dimensions

Intent Clarity

3.1

Permission Scope

0.0

Side Effects

2.0

Capability Disclosure

3.0

Operational Boundaries

2.3

Security Analysis

7.6

Score

Critical

494

High

Medium

Low

Findings Redacted

Detailed security findings are hidden during the 90-day responsible disclosure window. Maintainers have been notified.

488 HIGH24 CRITICAL18 MEDIUM

Metadata Health

Provenance (40%)

10.0

Maintenance (35%)

9.0

Popularity (25%)

9.2

Badge

Add this badge to your README:

[![SpiderRating](https://spiderrating.com/badge/IBM__mcp-context-forge.svg)](https://spiderrating.com/servers/IBM/mcp-context-forge)

🛡️

Protect Your Agents

Get a free API key. Every MCP tool call checked against 15,923 rated servers in real-time.

Get Free API Key →

📊

Monitor All Your Servers

Dashboard for your entire MCP portfolio. Score tracking, alerts, and compliance reports.

Start Free Trial →

⭐

Scan Locally (Open Source)

Run SpiderShield on your own machine. 46+ security rules, zero data leaves your system.

Star on GitHub →

4.0D

Zotero Mcpcookjohn/zotero-mcp

4.0D

Ai Sessions Mcpyoavf/ai-sessions-mcp

4.0D

Actors Mcp Serverapify/actors-mcp-server

4.0D

Awesome Mcp ServerAIAnytime/Awesome-MCP-Server

3.9D

Mcp Context Forge

Recommended Actions

Do Not

Description Quality

3-Layer Breakdown

Description Dimensions

Security Analysis

Metadata Health

Badge

Protect Your Agents

Monitor All Your Servers

Scan Locally (Open Source)

Similar Servers