Trust Engine/MCP Server

whdrnr2583-cmd/token-meter

No description provided on GitHub.

0 starsTypeScriptMIT
REVIEWED82/100

Scanned 2026-06-22 · deepseek v1

Dimension breakdown

Security

72/100

5 findings

Quality

82/100

No findings

License

85/100

No findings

Completeness

92/100

No findings

Findings (5)

HIGH: 1MEDIUM: 2LOW: 1INFO: 1
  • HIGHsecurityPotential SQL injection via string concatenation in stats.ts
  • MEDIUMsecurityUnvalidated session_id in session_tools MCP tool
  • MEDIUMsecurityRelative path in readFileSync for version detection
  • LOWsecurityNo input validation for period and scope in MCP tools
  • INFOsecurityDependency on better-sqlite3 with synchronous API

Detailed file:line citations + recommended fixes are visible to the maintainer of this repo after claiming the listing.

Maintainer of this repo?

Claim this listing in 30 seconds with GitHub OAuth. You'll see detailed findings, get notified about matched bounties, and can trigger re-scans on demand.

Claim listing

Embed the badge.

Drop it into your README. Every view backlinks to this verification page.

Trust badge — flat styleTrust badge — for-the-badge style

Markdown

[![Archimedes Trust](https://archimedes.market/api/badge/whdrnr2583-cmd/token-meter.svg)](https://archimedes.market/r/whdrnr2583-cmd/token-meter)

HTML

<a href="https://archimedes.market/r/whdrnr2583-cmd/token-meter"><img src="https://archimedes.market/api/badge/whdrnr2583-cmd/token-meter.svg" alt="Archimedes Trust Verified"/></a>
whdrnr2583-cmd/token-meter — Archimedes Trust | Archimedes