Fetter MCP
Get the most-recent Python package without vulnerabilities, and more.
Fetter MCP
Fetter provides a remote Model Context Protocol (MCP) server at https://mcp.fetter.io/mcp that gives AI coding agents real-time access to Python package vulnerability data. Built on fetter, it queries PyPI and OSV to surface known CVEs, CVSS scores, and safe versions so your agent can make informed dependency decisions as it writes code.
Tools:
most_recent_not_vulnerable: find the latest release of a package that is free of known vulnerabilitiesis_vulnerable: check whether a specific pinned version has known CVEslookup: find available versions and their vulnerabilities for any package or specifier
Installation
The Fetter MCP server uses the HTTP transport and requires no local installation. Just register the remote URL with your MCP client.
Claude Code
claude mcp add --transport http fetter https://mcp.fetter.io/mcp
Codex
codex mcp add fetter --url https://mcp.fetter.io/mcp
Other MCP Clients
For any other MCP-compatible client, provide the following remote server URL using the HTTP transport:
https://mcp.fetter.io/mcp
Agent Usage
Once installed, the Fetter MCP tools are available to your AI agent during coding sessions. The agent can call them automatically when adding or auditing dependencies; no explicit tool invocation is required in your prompts.
Example prompts
- "Add the latest safe version of requests to requirements.txt"
- "Are there any known vulnerabilities in my current dependencies?"
- "What is the most recent version of pillow with no CVEs?"
- "Before pinning cryptography, check whether 42.0.5 is vulnerable"
The agent selects the appropriate tool based on context:
- Adding a new package:
most_recent_not_vulnerableto find a safe version - Validating a specific pinned version:
is_vulnerablefor a definitive answer - Auditing an existing specifier:
lookupto see affected versions
most_recent_not_vulnerable
Find the most recent version of a package that has no known vulnerabilities. Provide only a package name and the server will search recent releases for a safe version. Useful when pinning a dependency to the latest clean release.
Parameters
package_name— package name only (no version specifier), e.g."requests"
Example Request
{ "jsonrpc": "2.0", "method": "tools/call", "id": 2, "params": { "name": "most_recent_not_vulnerable", "arguments": { "name": "cryptography" } } }
Example Response:
{ "jsonrpc": "2.0", "id": 2, "result": { "content": [], "structuredContent": { "package": "cryptography", "version": "46.0.5", "vulnerabilities": [], "vulnerable": false }, "isError": false } }
is_vulnerable
Check if a specific package version has known vulnerabilities. Requires an exact version specifier. Returns vulnerability IDs, summaries, CVSS scores, severity ratings, and reference URLs.
Parameters
dep_spec— exact version specifier, e.g."requests==2.31.0"
{ "jsonrpc": "2.0", "method": "tools/call", "id": 2, "params": { "name": "is_vulnerable", "arguments": { "name": "requests==2.19.1" } } }
{ "jsonrpc": "2.0", "id": 2, "result": { "content": [], "structuredContent": { "package": "requests", "version": "2.19.1", "vulnerabilities": [ { "cvss_score": 5.3, "id": "GHSA-9hjg-9r4m-mvj7", "severity": "(Medium):", "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs", "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7" }, { "cvss_score": 5.6, "id": "GHSA-9wx4-h78v-vm56", "severity": "(Medium):", "summary": "Requests Session object does not verify requests after making first request with verify=False", "url": "https://osv.dev/vulnerability/GHSA-9wx4-h78v-vm56" }, { "cvss_score": 6.1, "id": "GHSA-j8r2-6x86-q33q", "severity": "(Medium):", "summary": "Unintended leak of Proxy-Authorization header in requests", "url": "https://osv.dev/vulnerability/GHSA-j8r2-6x86-q33q" }, { "cvss_score": 7.5, "id": "GHSA-x84v-xcm2-53pg", "severity": "(High):", "summary": "Insufficiently Protected Credentials in Requests", "url": "https://osv.dev/vulnerability/GHSA-x84v-xcm2-53pg" }, { "cvss_score": null, "id": "PYSEC-2018-28", "severity": null, "summary": "", "url": "https://osv.dev/vulnerability/PYSEC-2018-28" }, { "cvss_score": null, "id": "PYSEC-2023-74", "severity": null, "summary": "", "url": "https://osv.dev/vulnerability/PYSEC-2023-74" } ], "vulnerable": true }, "isError": false } }
lookup
Look up a package by name and optional version specifier to find which versions are available and whether they have known vulnerabilities. Supports specifiers such as "requests", "numpy>=2.0", or "flask==3.0.0".
Parameters
dep_specs— package name or version specifiercvss_threshold— filter to vulnerabilities at or above this CVSS score (0–10)max_observed_score— return only the highest CVSS score per version rather than all individual vulnerabilitiescount— limit the number of recent versions checkedretain_passing— include versions with no known vulnerabilities in the results
{ "jsonrpc": "2.0", "method": "tools/call", "id": 2, "params": { "name": "lookup", "arguments": { "name": "requests>=2.32.0", "retain_passing": true } } }
{ "jsonrpc": "2.0", "id": 2, "result": { "content": [], "structuredContent": { "package": "requests", "versions": [ { "version": "2.32.0", "vulnerabilities": [ { "cvss_score": 5.3, "id": "GHSA-9hjg-9r4m-mvj7", "severity": "(Medium):", "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs", "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7" } ], "vulnerable": true }, { "version": "2.32.1", "vulnerabilities": [ { "cvss_score": 5.3, "id": "GHSA-9hjg-9r4m-mvj7", "severity": "(Medium):", "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs", "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7" } ], "vulnerable": true }, { "version": "2.32.2", "vulnerabilities": [ { "cvss_score": 5.3, "id": "GHSA-9hjg-9r4m-mvj7", "severity": "(Medium):", "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs", "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7" } ], "vulnerable": true }, { "version": "2.32.3", "vulnerabilities": [ { "cvss_score": 5.3, "id": "GHSA-9hjg-9r4m-mvj7", "severity": "(Medium):", "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs", "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7" } ], "vulnerable": true }, { "version": "2.32.4", "vulnerabilities": [], "vulnerable": false }, { "version": "2.32.5", "vulnerabilities": [], "vulnerable": false } ] }, "isError": false } }
Máy chủ liên quan
Scout Monitoring MCP
nhà tài trợPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
nhà tài trợAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Lassare
Your AI coding agent asks you questions and requests approvals via Slack — so you can respond from your phone, while AFK
Remote MCP Server (Authless)
An authentication-free remote MCP server deployable on Cloudflare Workers.
MCP JS Debugger
Debug JavaScript and TypeScript applications through the Chrome DevTools Protocol with full source map support.
Revit MCP
Interact with Autodesk Revit using the MCP protocol. This server provides AI tools and requires the corresponding Revit plugin to function.
xpay✦
1000+ AI tools as MCP servers — finance, lead gen, web scraping, dev tools, media, research, competitive intel, social media, and more. 80+ providers in one endpoint. Starts at $0.01/call. Get your API key at app.xpay.sh or xpay.tools
GPT Image 1
Generate high-quality AI images with OpenAI's GPT-Image-1 model and save them directly to your local machine.
Perf MCP
Fact-check and fix AI outputs — hallucination detection, schema validation, and auto-repair.
P4 MCP Server
Perforce P4MCP Server is a Model Context Protocol (MCP) server that integrates with the Perforce P4 version control system.
ICP MCP
A developer-friendly and type-safe TypeScript SDK for the ICP MCP API.
analyze-coverage-mcp
MCP server that bridges LCOV coverage reports to AI agents.