MCP Server△ Evaluated

mcp-server-fetch

Provides HTTP fetch capabilities for making web requests and retrieving data from external APIs and websites.

/ 80 · Grade F

Maturity: Initial

“I need to fetch data from external websites, APIs, or web services within my application workflow.”

networkingdata accessweb servicesintegration

Publisher: Model Context Protocol a Series of LF Projects, LLC.Version: 0.6.2Certified: Mar 16, 2026Expires: Mar 16, 2027Source ↗

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan

100% × 15w

15.0

supply chain

100% × 10w

10.0

behavioral pass

0% × 20w

0.0

contract accuracy

0% × 15w

0.0

adversarial

0% × 5w

0.0

consumer confirm

0% × 20w

0.0

provenance

70% × 10w

7.0

uptime

100% × 5w

5.0

Scheme v1.1 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Pipeline Completion

Stages executed during verification

stage1-ingest✓ completed

stage2a-sbom✓ completed

stage2b-security✓ completed

stage3a-functional✓ completed

stage3b-adversarial✕ failed

stage3c-fingerprint✓ completed

Supply Chain

SBOM analysis and vulnerability assessment

Components

Direct deps

Transitive deps

Total vulns

Vulnerability breakdown

critical: 0high: 8medium: 0low: 7

Format: CycloneDX 1.5 · Generated: Mar 16, 2026

Security Scan

Cisco MCP Scanner — static and behavioral analysis

cisco-mcp-scannerSAFE

yarallmreadiness

critical: 0high: 0medium: 0low: 0informational: 0

Live scan: error · 0 findings · 15541ms

Code scan: completed · 0 findings · 10030ms

Adversarial Testing

Structured attack patterns from the Fidensa adversarial taxonomy

Categories tested

Findings

Methodology

v1.0

No adversarial findings — all attack patterns handled gracefully.

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

Error rate

NaN%

Peak memory

— MB

Avg CPU

—%

Fingerprint v1.0 · Baseline: — · Status: no_baseline

Interface

Enumerated tools, resources, and prompts

Transport: stdio

Review Flags

4 flags · 0 blocking

highpipelinestage3b-adversarial

Stage "stage3b-adversarial" failed during pipeline execution — verify stage output data is complete and valid

highcontentstage4-assembler

Behavioral guarantees (given/then/edge_cases) not populated — requires human input. The pipeline tested behavior but cannot declare what the capability promises.

mediumcontentstage4-assembler

Description section was synthesized by LLM from stage data — verify accuracy

mediumpublisherstage1-ingest

Publisher "Model Context Protocol a Series of LF Projects, LLC." is not verified — first certification from this publisher

Signed Artifact

Certification provenance and verification metadata

Content hashsha256:69cf4a42d7ebf2c315ca4516474d04ce1d13cfa580d87dec299738846a31ea10

Key IDplatform-key-2026-03

CertifiedMar 16, 2026

ExpiresMar 16, 2027

Pipeline version1.0

Statusvalid

attestation API →badge →

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

↓

stage1-ingest.json

Ingest stage output

↓

stage2a-sbom.json

SBOM generation results

↓

stage2a-vulns.json

Vulnerability scan results

↓

stage2b-security.json

Security scan results

↓

stage3a-functional.json

Functional test results

↓

stage3b-adversarial.json

Adversarial test results

↓

stage3c-fingerprint.json

Behavioral fingerprint

↓

stage4-certify.json

Certification decision + trust score

↓

stage3a-measurements.json

Raw functional test measurements

↓

stage3b-measurements.json

Raw adversarial test measurements

↓

run-log.json

Pipeline execution log

↓

Files served from Supabase Storage. Not all files may be present for every certification.