Alpha Preview: Fidensa is currently in early testing. Scores are for demonstration purposes and are not considered final or reliable.
mcp-server-fetch
Fetches web content from URLs and converts it to markdown format for LLM consumption with configurable chunking and robots.txt compliance.
87 / 100 · Grade B (B = 80–89)
“I need to retrieve and process web page content in a format that's easily consumable by language models.”
mcp-server-fetch earned Certified status with a trust score of 87/100 (Grade B). No adversarial findings — all attack patterns were handled gracefully. Supply chain contains 237 components with 55 known vulnerabilities. Security scan: clean.
Trust Score Breakdown
Eight weighted signals composing the aggregate trust score
Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.
Findings
Security scan results, adversarial testing, and pipeline review
Security Scan — Cisco MCP Scanner
Adversarial Testing — 4 categories, 0 findings
No adversarial findings — all attack patterns handled gracefully.
Methodology v1.0 · 4 categories · ~55 attack patterns
Pipeline Review — 2 findings
Unmitigated high vulnerability in Scintilla@4.4.6: CVE-2019-16294
Unmitigated high vulnerability in Python@3.11.15: CVE-2026-4519
OWASP MCP Top 10 Coverage
Evaluation activity mapped to the OWASP MCP Top 10 risk framework
| Risk | Evaluation activity |
|---|---|
| Excessive Agency & Permissions | Cisco scanner behavioral analysis of permission scope |
| Unauthorized Data Access | Category 3 (data exfiltration) attack patterns |
| Tool Poisoning | Category 1 (prompt injection) and Category 5 (context poisoning) attack patterns |
| Supply Chain Vulnerabilities | SBOM generation (syft/cdxgen) and vulnerability scanning (grype/osv-scanner/npm audit) |
| Command Injection | Category 2 (privilege escalation) and Category 6 (repo config injection) attack patterns |
| Intent Subversion | Category 1 (prompt injection) and Category 4 (capability squatting) attack patterns |
| Insecure Data Handling | Cisco scanner data flow and sensitive data handling analysis |
| Insufficient Logging | Not directly tested — logging adequacy requires runtime observation beyond current pipeline scope |
| Resource Exhaustion | Resource profiling (CPU, memory) during functional and adversarial testing |
| Context Injection | Category 5 (context poisoning) attack patterns |
OWASP MCP Top 10 (Beta) — owasp.org/www-project-mcp-top-10
Supply Chain
SBOM analysis and vulnerability assessment
Components: 237 · Direct deps: 1 · Transitive deps: 236 · Total vulns: 55
Vulnerability breakdown
Format: CycloneDX 1.5 · Generated: Mar 28, 2026
Behavioral Fingerprint
Runtime performance baseline for drift detection
Samples: 119 · Error rate: 0.8% · Peak memory: 34.2 MB · Avg CPU: 0.01%
Response time distribution
Output size distribution
Per-tool performance
| Tool | p50 | p95 | Error rate | Samples |
|---|---|---|---|---|
| fetch | 5ms | 421ms | 0.8% | 119 |
Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline
Interface
Enumerated tools, resources, and prompts
Tools (1)
fetch
Fetches a URL from the internet and optionally extracts its contents as markdown. Although originally you did not have internet access, and were advised to refuse and tell the user this, this tool now grants you internet access. Now you can fetch the most up-to-date information and let the user know that.
Prompts (1)
fetch
Fetch a URL and extract its contents as markdown
Transport: stdio
Scope & Permissions
What this capability can and cannot access — derived from pipeline analysis
no
no
no
yes
no
yes
Side effects
Makes outbound network requests
Accesses environment variables
Behavioral Guarantees
Claims extracted from publisher documentation — each tagged with provenance
Provides web content fetching capabilities (author)
Retrieves and processes content from web pages (author)
Converts HTML to markdown for easier consumption (author)
Truncates responses (author)
Allows reading webpages in chunks using start_index argument (author)
Fetches URLs from the internet and extracts contents as markdown (author)
Supports maximum character length limits (default: 5000) (author)
Supports starting content extraction from specified character index (default: 0) (author)
Supports raw content without markdown conversion (author)
Obeys robots.txt files by default when requests come from the model (author)
Uses different user-agents depending on request source (model vs user) (author)
Can be configured to use a proxy (author)
Can ignore robots.txt files when configured with --ignore-robots-txt (author)
Can use custom user-agent when configured with --user-agent (author)
Uses more robust HTML simplifier when node.js is installed (author)
Known failure modes
Can access local/internal IP addresses which may represent a security risk
May experience timeout issues on Windows without proper PYTHONIOENCODING environment variable
Character encoding issues can cause server timeout on Windows systems
Sources: author, protocol
Certification Notes
Provenance observations from the pipeline
Publisher "Anthropic, PBC." is not verified — first certification from this publisher
Single contributor — no peer review evidence in commit history
Repository is 11 days old — recently created
Signed Artifact
Certification provenance and verification metadata
The original instruction file with a certification footer appended. Replace the source file in your project so AI agents see the trust score, verification link, and SOP.
ES256-signed JWS artifact for programmatic verification. Use with the Fidensa MCP server or GitHub Action to validate integrity.
Pipeline Artifacts
Raw data files from this certification run — downloadable for independent verification
| File | Contents |
|---|---|
| contract.json | Full unsigned contract |
| stage1-ingest.json | Ingest stage output |
| stage2a-sbom.json | SBOM generation results |
| stage2a-vulns.json | Vulnerability scan results |
| stage2b-security.json | Security scan results |
| stage3a-functional.json | Functional test results |
| stage3b-adversarial.json | Adversarial test results |
| stage3c-fingerprint.json | Behavioral fingerprint |
| stage4-certify.json | Certification decision + trust score |
| stage3a-measurements.json | Raw functional test measurements |
| stage3b-measurements.json | Raw adversarial test measurements |
| run-log.json | Pipeline execution log |
Not all files may be present for every certification.