Access verifiable US public-domain government and scientific data per record.
This MCP tool executes code and connects to a single remote endpoint to fetch data; based on the stated purpose, these are typical tool capabilities and no clear overreach or credential-abuse red flags are evident. The main concerns are the lack of auditable source code, no declared license, and low community adoption, so the overall posture is cautionary.
The materials explicitly state there are no required keys or environment variables, and there is no indication that users must provide API keys or system credentials. The description mentions x402 USDC pay-per-record, but the provided materials do not show any requirement to expose wallet private keys, signing authority, or other sensitive credentials.
The tool connects to the remote endpoint api.osf-master-server.com; for a data-marketplace MCP, user queries or request parameters would typically be sent to that service. The materials do not disclose a more detailed data flow, privacy notice, or whether any other third parties receive data, so the scope of outbound data warrants attention.
The system checks indicate this tool has executes-code capability, meaning it runs code or processes locally. The materials do not describe the exact system capabilities, sandbox boundaries, or least-privilege design, but local execution alone is a standard MCP property and is not, by itself, enough to classify as high risk.
The materials only state that it accesses public-domain government/scientific data; they do not specify which local files, cache paths, or persistence locations may be read or written, and there is no stated request for data permissions beyond the claimed function. Since execution-capable MCPs may inherently touch input data and the local runtime environment, it should be treated as having limited but noteworthy data access unless proven otherwise.
Positive factors include distribution via an official registry and updates within the last year, which help reduce risk; however, the source is not auditable, no license is declared, and community adoption is effectively zero stars, reducing verifiability and external scrutiny. Overall, there is no explicit malicious red flag, but the supply-chain transparency is limited and warrants caution.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "io.github.onefreeman1337/osf-data-marketplace" MCP server from askskill: Run: claude mcp add --transport http 'io-github-onefreeman1337-osf-data-marketplace' 'https://api.osf-master-server.com/mcp'
No documentation provided
Check the source repo for usage and examples.
Access real-world data APIs for AI agents with pay-per-call usage.
Access attested USDC data feeds for AI agents with pay-per-call pricing.
Pay-per-call gateway for AI agents to enrich, read web, and scan repos.
Access public data on CVEs, compliance, patents, contracts, and domains.
Build an automated agent to collect, enrich, and store public data.
Enable AI agents to send messages, read history, and collaborate in public chat.