Decode VINs and look up recalls, complaints, ratings, and investigations.
This MCP tool is listed in the official registry and is open source, with a stated purpose consistent with vehicle safety data lookups; no clear high-risk red flags are evident. The main exposure appears limited to typical MCP tool behavior: local execution, access to the declared remote endpoint, and reduced auditability due to sparse source documentation.
The materials only show MCP_LOG_LEVEL, which is typically a log-level setting rather than a sensitive credential; no API key, OAuth token, or other high-sensitivity secret is indicated, so credential abuse risk appears low.
The tool connects to the remote endpoint nhtsa.caseyjhand.com to perform VIN decoding, recall, and safety-data lookups; this is normal for its stated functionality, but query contents may be sent to that endpoint, so its privacy handling and actual backend ownership should still be verified.
System checks indicate that this tool executes code or starts a local process, which is a common MCP tool behavior. The available materials do not show requests for unusual system privileges or clearly unrelated high-risk operations.
The description and materials do not specify its exact file read/write scope, so local data-access boundaries are not fully transparent. Based on available facts, it appears to have only typical MCP data-handling capabilities, with no clear evidence of overbroad access, but it should still be run with least privilege.
Positive factors include official registry listing, an auditable open-source repository, and updates within the last year, all of which reduce supply-chain risk. Points to watch are the missing README, undeclared license, and very low community adoption (0 stars), which weaken auditability and maturity signals but are not enough on their own to make it high risk.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "io.github.cyanheads/nhtsa-vehicle-safety-mcp-server" MCP server from askskill: Run: claude mcp add 'io-github-cyanheads-nhtsa-vehicle-safety-mcp-server' -- npx -y @cyanheads/nhtsa-vehicle-safety-mcp-server
Query U.S. vehicle catalog data, including makes, models, and VIN decoding.
Check product recall risk scores and active official recall notices.
Search and audit NIST vulnerability data using keywords and risk filters.
Search US product recalls to find hazards, remedies, and affected items.
Access structured vehicle data for models, issues, manuals, and comparisons.
Search vehicle inventory, dealers, deals, and automotive market data with AI.