Hi, we scanned opik-mcp through AgentSeal -- 7-stage pipeline: sandbox install, 16 static analyzers, live adversarial probing, AI semantic analysis, cross-tool review, FP filtering, and scoring.
Scored 93.2/100 (SAFE). 10 tools for Opik LLM observability data. One finding worth noting:
Trace retrieval tools (`get-trace-by-id`, `list-traces`) return full LLM conversation inputs and outputs. If an agent is connected to a shared Opik workspace, a manipulated agent could harvest conversation history from other users' traces. Adding a `readOnlyHint` annotation and documenting the data sensitivity in tool descriptions would help hosts make informed decisions about access.
Full report: https://agentseal.org/mcp/https-githubcom-comet-ml-opik-mcp
Badge for your README if you want it:
[](https://agentseal.org/mcp/https-githubcom-comet-ml-opik-mcp)

If anything looks off or is a false positive, let us know.