Is Context7 MCP server safe?
@upstash/context7-mcp is an AI npm_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators. It can: no notable capabilities — capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).
@upstash/context7-mcp 3.2.2
npm_package · npm:@upstash/context7-mcp
LOW
0
/ 100 malicious-risk
Snapshot · scanned Jun 23, 2026 · @upstash/context7-mcp@3.2.2 · engine 0.18.0 / ruleset 19
No significant risks found
No malicious indicators found by static analysis.
Check your own component
Run the same evidence-backed scan on any MCP server, agent skill, or package.
Scan your own componentOr get notified if this component's risk changes:
How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →