Skip to content

Add MseeP.ai badge#4

Open
mseep-ai wants to merge 1 commit into
lucaperret:mainfrom
mseep-ai:add-mseep-badge
Open

Add MseeP.ai badge#4
mseep-ai wants to merge 1 commit into
lucaperret:mainfrom
mseep-ai:add-mseep-badge

Conversation

@mseep-ai

@mseep-ai mseep-ai commented Jul 7, 2026

Copy link
Copy Markdown

Hi there,

This pull request shares a security update on tidal-cli.

We also have an entry for tidal-cli in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of tidal-cli.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/lucaperret-tidal-cli.

Thanks,

The MseeP Team
MCP servers you can trust


MseeP.ai Security Assessment Badge

Here are our latest evaluation results of tidal-cli

Security Scan Results

Security Score: 66/100

Risk Level: high

Scan Date: 2026-07-07

Score starts at 100, deducts points for security issues, and adds points for security best practices

Detected Vulnerabilities

Medium Severity

  • ip-address

    • [{'source': 1118827, 'name': 'ip-address', 'dependency': 'ip-address', 'title': 'ip-address has XSS in Address6 HTML-emitting methods', 'url': 'https://github.com/advisories/GHSA-v2v4-37r5-5v8g', 'severity': 'moderate', 'cwe': ['CWE-79'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '<=10.1.0'}]
    • Fixed in version: unknown
  • express-rate-limit

    • ['ip-address']
    • Fixed in version: unknown
  • qs

    • [{'source': 1119502, 'name': 'qs', 'dependency': 'qs', 'title': 'qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set', 'url': 'https://github.com/advisories/GHSA-q8mj-m7cp-5q26', 'severity': 'moderate', 'cwe': ['CWE-476'], 'cvss': {'score': 5.3, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}, 'range': '>=6.11.1 <=6.15.1'}]
    • Fixed in version: unknown
  • ... and 3 more medium severity vulnerabilities

Security Findings

Medium Severity Issues

  • semgrep: Use of child_process.exec() with dynamic input detected. This can lead to command injection.

    • Location: src/auth.ts
    • Line: 55
  • semgrep: Use of child_process.exec() with dynamic input detected. This can lead to command injection.

    • Location: src/playback.ts
    • Line: 293

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.

@vercel

vercel Bot commented Jul 7, 2026

Copy link
Copy Markdown

@mseep-ai is attempting to deploy a commit to the Luca Perret's projects Team on Vercel.

A member of the Team first needs to authorize it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant