Is Npcpy safe to use?

Npcpy is rated ALLOW_WITH_RISK by SpiderRating. Npcpy has risks — usable with isolation (5.19/10, 2 critical, 0 high).

What are the security risks of Npcpy?

Key risk flags: command_injection (critical), ssrf (medium), no_input_validation (low). Overall security score: 4.9/10 with 2 critical issues.

Are there safer alternatives to Npcpy?

Similar tools include: Dataojitori/nocturne_memory, aaronx-hu/memory-lancedb-pro, darcy-wang/memory-lancedb-pro-skill. View full comparison at spiderrating.com.

Npcpy

NPC-Worldwide/npcpyMIT⭐ 1,231🔧 6 tools

D5.2SpiderScore (registry)

The python library for research and development in NLP, multimodal LLMs, Agents, ML, Knowledge Graphs, and more.

Use cases:kb-memory code-execution

⚠ Hard constraint applied: critical issue caps D

Decision

Allow with Risk

Confidence

90%

Npcpy has risks — usable with isolation (5.19/10, 2 critical, 0 high).

Recommended Actions

high
Run In Container
2 critical vulnerabilities require isolation
high
Limit Permissions
Restrict tool access to minimum required scope

Do Not

✗running in production without container isolation

Risk Flags (3)

critical
command_injection×2
Command injection risk â€” subprocess called with shell=True and non-literal command
medium
ssrf×12
Potential SSRF -- unrestricted network requests with user-controlled URLs
low
no_input_validation×2
MCP tool handler accepts raw string input without validation

How This Was Decided

positivew=0.5Overall quality score = 5.19/10 (grade D)
negativew=0.82 critical security issue(s) detected
negativew=0.3Tool description clarity score = 2.4/10

Source: SpiderRating automated security scanUpdated: 2026-03-13Protocol: v1.1

Description Quality

Composite: 2.4 / 10

3-Layer Breakdown

Description (38%)

2.4

Security (34%)

4.9

Metadata (28%)

9.3

Description Dimensions

Intent Clarity

4.0

Permission Scope

0.0

Side Effects

2.0

Capability Disclosure

4.0

Operational Boundaries

2.9

Security Analysis

4.9

Score

Critical

High

Medium

Low

Findings Redacted

Detailed security findings are hidden during the 90-day responsible disclosure window. Maintainers have been notified.

2 CRITICAL2 LOW12 MEDIUM

Metadata Health

Provenance (40%)

10.0

Maintenance (35%)

9.0

Popularity (25%)

8.7

Badge

Add this badge to your README:

[![SpiderRating](https://spiderrating.com/badge/NPC-Worldwide__npcpy.svg)](https://spiderrating.com/servers/NPC-Worldwide/npcpy)

🛡️

Protect Your Agents

Get a free API key. Every MCP tool call checked against 15,923 rated servers in real-time.

Get Free API Key →

📊

Monitor All Your Servers

Dashboard for your entire MCP portfolio. Score tracking, alerts, and compliance reports.

Start Free Trial →

⭐

Scan Locally (Open Source)

Run SpiderShield on your own machine. 46+ security rules, zero data leaves your system.

Star on GitHub →

6.9C

Memory Lancedb Proaaronx-hu/memory-lancedb-pro

6.4C

Memory Lancedb Pro Skilldarcy-wang/memory-lancedb-pro-skill

6.3C

Fermat Mcpabhiphile/fermat-mcp