Serena

oraios/serenaMIT21,854🔧 0 tools

F6.1SpiderScore (registry)

A powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent

Use cases:code-editcode-searchvector-search
⚠ Hard constraint applied: multiple critical issues forces F
Decision
Not Recommended
Confidence
90%

Serena is not recommended — low score (6.06/10) with 8 critical issues.

Recommended Actions

  • high
    Run In Container
    8 critical vulnerabilities require isolation
  • high
    Limit Permissions
    Restrict tool access to minimum required scope

Do Not

  • running in production without container isolation
  • exposing this tool to untrusted input
Risk Flags (2)
  • critical
    command_injection×8
    Command injection risk — os.system() called with non-literal argument
  • medium
    ssrf×6
    Potential SSRF -- unrestricted network requests with user-controlled URLs
How This Was Decided
  • positivew=0.5Overall quality score = 6.06/10 (grade F)
  • negativew=0.88 critical security issue(s) detected
  • positivew=0.3Tool description clarity score = 5.0/10
Source: SpiderRating automated security scanUpdated: 2026-03-13Protocol: v1.1

Description Quality

Composite: 5.0 / 10

3-Layer Breakdown

Description (38%)
5.0
Security (34%)
4.6
Metadata (28%)
9.3

Description Dimensions

Intent Clarity
5.0
Permission Scope
5.0
Side Effects
5.0
Capability Disclosure
5.0
Operational Boundaries
5.0

Security Analysis

4.6
Score
8
Critical
0
High
6
Medium
0
Low

Findings Redacted

Detailed security findings are hidden during the 90-day responsible disclosure window. Maintainers have been notified.

8 CRITICAL6 MEDIUM

Metadata Health

Provenance (40%)
10.0
Maintenance (35%)
8.0
Popularity (25%)
9.8

Badge

Add this badge to your README:

[![SpiderRating](https://spiderrating.com/badge/oraios__serena.svg)](https://spiderrating.com/servers/oraios/serena)
🛡️

Protect Your Agents

Get a free API key. Every MCP tool call checked against 15,923 rated servers in real-time.

Get Free API Key →
📊

Monitor All Your Servers

Dashboard for your entire MCP portfolio. Score tracking, alerts, and compliance reports.

Start Free Trial →

Scan Locally (Open Source)

Run SpiderShield on your own machine. 46+ security rules, zero data leaves your system.

Star on GitHub →

Similar Servers

Mcp Language Serverisaacphi/mcp-language-server
6.4C
Vscode Mcp Serverjuehang/vscode-mcp-server
6.4C
Mcp Design System Extractorfreema/mcp-design-system-extractor
6.3C
Jetbrains Index Mcp Pluginhechtcarmel/jetbrains-index-mcp-plugin
6.3C
Javalens Mcppzalutski-pixel/javalens-mcp
5.9C