SkillTotal

Is Oxylabs MCP server safe?

oxylabs-mcp is an AI python_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 2 risky constructs are reported for review. It can: mcp tools detected and network egress — capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).

oxylabs-mcp 0.8.1

python_package · https://github.com/oxylabs/oxylabs-mcp
LOW
0
/ 100 malicious-risk
Snapshot · scanned Jun 20, 2026 · oxylabs-mcp@0.8.1 · engine 0.18.0 / ruleset 19
No malicious indicators - review capabilities before installing
Notable — review in context (capabilities are not malware):
  • Python network egress
  • MCP tool surface detected

No malicious indicators found by static analysis.

Capabilities — what this component can do (not a risk score):
mcp tools detectednetwork egress

Findings (2)

MEDIUMPython network egressST-NET-PY

The component makes outbound network requests.

src/oxylabs_mcp/utils.py:12-18 
from httpx import (
    AsyncClient,
    BasicAuth,
    HTTPStatusError,
    RequestError,
    Timeout,
)
src/oxylabs_mcp/utils.py:211-211 
auth = BasicAuth(username=username, password=password)
src/oxylabs_mcp/utils.py:213-218 
async with AsyncClient(
        timeout=Timeout(settings.OXYLABS_REQUEST_TIMEOUT_S),
        verify=True,
        headers=headers,
        auth=auth,
    ) as client:
src/oxylabs_mcp/utils.py:214-214 
timeout=Timeout(settings.OXYLABS_REQUEST_TIMEOUT_S),

Why it matters: Usually legitimate, but confirm the destinations are expected and no sensitive data leaves.

Fix: Confirm the destination hosts are expected and that no sensitive data is sent off-host.

LOWMCP tool surface detectedST-MCP-DETECTED

An MCP tool surface (manifest or tool definitions) was found.

server.json:1-1 
{
src/oxylabs_mcp/tools/ai_studio.py:32-32 
mcp = FastMCP("ai_studio")
src/oxylabs_mcp/tools/ai_studio.py:35-35 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/ai_studio.py:107-107 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/ai_studio.py:166-166 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/ai_studio.py:219-219 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/ai_studio.py:264-264 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/ai_studio.py:285-285 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/scraper.py:21-21 
mcp = FastMCP("scraper")
src/oxylabs_mcp/tools/scraper.py:24-24 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/scraper.py:55-55 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/scraper.py:110-110 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))
src/oxylabs_mcp/tools/scraper.py:170-170 
@mcp.tool(annotations=ToolAnnotations(readOnlyHint=True))

Why it matters: Just context — review which tools it offers and their permissions.

Fix: Review the declared MCP tools and their permissions.

Check your own component

Run the same evidence-backed scan on any MCP server, agent skill, or package.

Scan your own component

Or get notified if this component's risk changes:

How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →