Goose
block/gooseApache-2.0⭐ 32,932🔧 63 tools
F5.3SpiderScore (registry)
an open source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM
⚠ Hard constraint applied: multiple critical issues forces F
Decision
Not Recommended
Confidence
90%
Goose is not recommended — low score (5.3/10) with 14 critical issues.
Recommended Actions
- highRun In Container14 critical vulnerabilities require isolation
- highLimit PermissionsRestrict tool access to minimum required scope
Do Not
- ✗running in production without container isolation
- ✗exposing this tool to untrusted input
Risk Flags (1)
- criticalchild_process_injection×14Command injection — execSync() with template literal interpolation
How This Was Decided
- positivew=0.5Overall quality score = 5.3/10 (grade F)
- negativew=0.814 critical security issue(s) detected
- negativew=0.3Tool description clarity score = 2.1/10
Source: SpiderRating automated security scanUpdated: 2026-03-13Protocol: v1.1
Description Quality
Composite: 2.1 / 10
3-Layer Breakdown
Description (38%)
2.1
Security (34%)
5.3
Metadata (28%)
9.7
Description Dimensions
Intent Clarity
3.2
Permission Scope
0.2
Side Effects
2.0
Capability Disclosure
3.3
Operational Boundaries
2.4
Security Analysis
5.3
Score
14
Critical
0
High
0
Medium
0
Low
Findings Redacted
Detailed security findings are hidden during the 90-day responsible disclosure window. Maintainers have been notified.
14 CRITICAL
Metadata Health
Provenance (40%)
10.0
Maintenance (35%)
9.0
Popularity (25%)
10.0
Badge
Add this badge to your README:
[](https://spiderrating.com/servers/block/goose)🛡️
Protect Your Agents
Get a free API key. Every MCP tool call checked against 15,923 rated servers in real-time.
Get Free API Key →📊
Monitor All Your Servers
Dashboard for your entire MCP portfolio. Score tracking, alerts, and compliance reports.
Start Free Trial →⭐
Scan Locally (Open Source)
Run SpiderShield on your own machine. 46+ security rules, zero data leaves your system.
Star on GitHub →