Labsco
fetter-io logo

Fetter MCP

โ˜… 1

from fetter-io

Get the most-recent Python package without vulnerabilities, and more.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeQuick setup

Fetter MCP

Fetter provides a remote Model Context Protocol (MCP) server at https://mcp.fetter.io/mcp that gives AI coding agents real-time access to Python package vulnerability data. Built on fetter, it queries PyPI and OSV to surface known CVEs, CVSS scores, and safe versions so your agent can make informed dependency decisions as it writes code.

Tools:

  • most_recent_not_vulnerable: find the latest release of a package that is free of known vulnerabilities
  • is_vulnerable: check whether a specific pinned version has known CVEs
  • lookup: find available versions and their vulnerabilities for any package or specifier

most_recent_not_vulnerable

Find the most recent version of a package that has no known vulnerabilities. Provide only a package name and the server will search recent releases for a safe version. Useful when pinning a dependency to the latest clean release.

Parameters

  • package_name โ€” package name only (no version specifier), e.g. "requests"

Example Request

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "id": 2,
  "params": {
    "name": "most_recent_not_vulnerable",
    "arguments": {
      "name": "cryptography"
    }
  }
}

Example Response:

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [],
    "structuredContent": {
      "package": "cryptography",
      "version": "46.0.5",
      "vulnerabilities": [],
      "vulnerable": false
    },
    "isError": false
  }
}

is_vulnerable

Check if a specific package version has known vulnerabilities. Requires an exact version specifier. Returns vulnerability IDs, summaries, CVSS scores, severity ratings, and reference URLs.

Parameters

  • dep_spec โ€” exact version specifier, e.g. "requests==2.31.0"

Example Request

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "id": 2,
  "params": {
    "name": "is_vulnerable",
    "arguments": {
      "name": "requests==2.19.1"
    }
  }
}

Example Response:

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [],
    "structuredContent": {
      "package": "requests",
      "version": "2.19.1",
      "vulnerabilities": [
        {
          "cvss_score": 5.3,
          "id": "GHSA-9hjg-9r4m-mvj7",
          "severity": "(Medium):",
          "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs",
          "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7"
        },
        {
          "cvss_score": 5.6,
          "id": "GHSA-9wx4-h78v-vm56",
          "severity": "(Medium):",
          "summary": "Requests Session object does not verify requests after making first request with verify=False",
          "url": "https://osv.dev/vulnerability/GHSA-9wx4-h78v-vm56"
        },
        {
          "cvss_score": 6.1,
          "id": "GHSA-j8r2-6x86-q33q",
          "severity": "(Medium):",
          "summary": "Unintended leak of Proxy-Authorization header in requests",
          "url": "https://osv.dev/vulnerability/GHSA-j8r2-6x86-q33q"
        },
        {
          "cvss_score": 7.5,
          "id": "GHSA-x84v-xcm2-53pg",
          "severity": "(High):",
          "summary": "Insufficiently Protected Credentials in Requests",
          "url": "https://osv.dev/vulnerability/GHSA-x84v-xcm2-53pg"
        },
        {
          "cvss_score": null,
          "id": "PYSEC-2018-28",
          "severity": null,
          "summary": "",
          "url": "https://osv.dev/vulnerability/PYSEC-2018-28"
        },
        {
          "cvss_score": null,
          "id": "PYSEC-2023-74",
          "severity": null,
          "summary": "",
          "url": "https://osv.dev/vulnerability/PYSEC-2023-74"
        }
      ],
      "vulnerable": true
    },
    "isError": false
  }
}

lookup

Look up a package by name and optional version specifier to find which versions are available and whether they have known vulnerabilities. Supports specifiers such as "requests", "numpy>=2.0", or "flask==3.0.0".

Parameters

  • dep_specs โ€” package name or version specifier
  • cvss_threshold โ€” filter to vulnerabilities at or above this CVSS score (0โ€“10)
  • max_observed_score โ€” return only the highest CVSS score per version rather than all individual vulnerabilities
  • count โ€” limit the number of recent versions checked
  • retain_passing โ€” include versions with no known vulnerabilities in the results

Example Request

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "id": 2,
  "params": {
    "name": "lookup",
    "arguments": {
      "name": "requests>=2.32.0",
      "retain_passing": true
    }
  }
}

Example Response:

{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [],
    "structuredContent": {
      "package": "requests",
      "versions": [
        {
          "version": "2.32.0",
          "vulnerabilities": [
            {
              "cvss_score": 5.3,
              "id": "GHSA-9hjg-9r4m-mvj7",
              "severity": "(Medium):",
              "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs",
              "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7"
            }
          ],
          "vulnerable": true
        },
        {
          "version": "2.32.1",
          "vulnerabilities": [
            {
              "cvss_score": 5.3,
              "id": "GHSA-9hjg-9r4m-mvj7",
              "severity": "(Medium):",
              "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs",
              "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7"
            }
          ],
          "vulnerable": true
        },
        {
          "version": "2.32.2",
          "vulnerabilities": [
            {
              "cvss_score": 5.3,
              "id": "GHSA-9hjg-9r4m-mvj7",
              "severity": "(Medium):",
              "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs",
              "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7"
            }
          ],
          "vulnerable": true
        },
        {
          "version": "2.32.3",
          "vulnerabilities": [
            {
              "cvss_score": 5.3,
              "id": "GHSA-9hjg-9r4m-mvj7",
              "severity": "(Medium):",
              "summary": "Requests vulnerable to .netrc credentials leak via malicious URLs",
              "url": "https://osv.dev/vulnerability/GHSA-9hjg-9r4m-mvj7"
            }
          ],
          "vulnerable": true
        },
        {
          "version": "2.32.4",
          "vulnerabilities": [],
          "vulnerable": false
        },
        {
          "version": "2.32.5",
          "vulnerabilities": [],
          "vulnerable": false
        }
      ]
    },
    "isError": false
  }
}