$ timeahead_
/mcp/blog/about
← mcp scores
0
@considered/harmful
npmnpm ↗dev-tools

Most MCP servers suggest using npx -y as the recommended way to install a server. This downloads and executes arbitrary scripts from the internet. This is grossly insecure and I think the MCP authors sh

install
add to your claude desktop / cursor / windsurf mcp config:
{
  "mcpServers": {
    "consideredharmful": {
      "command": "npx",
      "args": [
        "-y",
        "@considered/harmful"
      ]
    }
  }
}
per-client install guide (claude desktop · cursor · windsurf · vscode · claude code) →
score breakdown
security (35%)0
freshness (25%)0
adoption (20%)0
quality (10%)0
trust (10%)0
raw data
weekly downloads20
github stars0
forks0
open issues0
license✓ present
readme length0 chars
last updated3h ago
score drop alerts
get notified by email when this server's score drops 5+ points