Add MseeP.ai badge

[lwsinclair]

Hi there,

This pull request shares a security update on app-store-connect-mcp-server.

We also have an entry for app-store-connect-mcp-server in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of app-store-connect-mcp-server.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/joshuarileydev-app-store-connect-mcp-server.

Yours Sincerely,

Lawrence W. Sinclair
CEO/SkyDeck AI
Founder of MseeP.ai
MCP servers you can trust

---

Here are our latest evaluation results of app-store-connect-mcp-server

Security Scan Results

Security Score: 60/100

Risk Level: high

Scan Date: 2025-06-13

Score starts at 100, deducts points for security issues, and adds points for security best practices

Detected Vulnerabilities

Medium Severity

• axios

  • [{'source': 1103618, 'name': 'axios', 'dependency': 'axios', 'title': 'axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL', 'url': 'https://github.com/advisories/GHSA-jr5f-v2jv-69x6', 'severity': 'high', 'cwe': ['CWE-918'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '>=1.0.0 <1.8.2'}]
  • Fixed in version: unknown

• tar-fs

  • [{'source': 1104676, 'name': 'tar-fs', 'dependency': 'tar-fs', 'title': 'tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File', 'url': 'https://github.com/advisories/GHSA-pq67-2wwv-3xjx', 'severity': 'high', 'cwe': ['CWE-22'], 'cvss': {'score': 7.5, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}, 'range': '>=3.0.0 <3.0.7'}, {'source': 1104677, 'name': 'tar-fs', 'dependency': 'tar-fs', 'title': 'tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File', 'url': 'https://github.com/advisories/GHSA-pq67-2wwv-3xjx', 'severity': 'high', 'cwe': ['CWE-22'], 'cvss': {'score': 7.5, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}, 'range': '>=2.0.0 <2.1.2'}, {'source': 1105196, 'name': 'tar-fs', 'dependency': 'tar-fs', 'title': 'tar-fs can extract outside the specified dir with a specific tarball', 'url': 'https://github.com/advisories/GHSA-8cj5-5rvv-wf4v', 'severity': 'high', 'cwe': ['CWE-22'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '>=3.0.0 <3.0.9'}, {'source': 1105197, 'name': 'tar-fs', 'dependency': 'tar-fs', 'title': 'tar-fs can extract outside the specified dir with a specific tarball', 'url': 'https://github.com/advisories/GHSA-8cj5-5rvv-wf4v', 'severity': 'high', 'cwe': ['CWE-22'], 'cvss': {'score': 0, 'vectorString': None}, 'range': '>=2.0.0 <2.1.3'}]
  • Fixed in version: unknown

• brace-expansion

  • [{'source': 1105443, 'name': 'brace-expansion', 'dependency': 'brace-expansion', 'title': 'brace-expansion Regular Expression Denial of Service vulnerability', 'url': 'https://github.com/advisories/GHSA-v6h2-p8h4-qcjw', 'severity': 'low', 'cwe': ['CWE-400'], 'cvss': {'score': 3.1, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L'}, 'range': '>=1.0.0 <=1.1.11'}]
  • Fixed in version: unknown

Security Findings

Medium Severity Issues

• semgrep: Use of child_process.exec() with dynamic input detected. This can lead to command injection.

  • Location: node_modules/detect-libc/lib/detect-libc.js
  • Line: 19

• semgrep: Use of child_process.exec() with dynamic input detected. This can lead to command injection.

  • Location: node_modules/shelljs/src/exec-child.js
  • Line: 19

• ... and 4 more medium severity issues

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.