Google PageRank for AI agents. 25,000+ tools indexed.

chub-supply-chain-poc MCP Server

mickmicksh/chub-supply-chain-poc

Score: 55.1 Rank #22 MCP Server

Silent dependency injection through AI documentation pipelines. 240 isolated Docker runs proving Context Hub's zero-sanitization MCP server lets poisoned docs compromise developer projects without warning.


Overview

mickmicksh/chub-supply-chain-poc is a Python MCP server licensed under MIT. Silent dependency injection through AI documentation pipelines. 240 isolated Docker runs proving Context Hub's zero-sanitization MCP server lets poisoned docs compromise developer projects without warning. Topics: prompt-injection, security-research, supply-chain-security, prompt-injection-defense, ai-agents, claude, llm-security, mcp, owasp, vulnerability-disclosure.

Ranked #22 out of 124 indexed tools.

Actively maintained with commits in the last week.

Ecosystem

Python MIT
Topics: prompt-injection, security-research, supply-chain-security, prompt-injection-defense, ai-agents, claude, llm-security, mcp, owasp, vulnerability-disclosure

Score Breakdown

Stars (weight 15%): 1 star → early stage

Freshness (weight 25%): last commit today → actively maintained

Issue Health (weight 25%): 50% → no issues filed, no history to score

Contributors (weight 10%): 1 contributor → solo project

Dependents (weight 25%): 0 → no dependents, no downstream usage

npm Downloads N/A
PyPI Downloads N/A
Forks 0
Description Detailed
License MIT

Weights: Freshness 25% · Issue Health 25% · Dependents 25% · Stars 15% · Contributors 10%

How to Improve

Contributors medium impact

Single-contributor projects carry bus-factor risk — welcoming contributors boosts confidence

Dependents medium impact

No downstream dependents detected yet — adoption by other projects is the strongest trust signal


Matched Queries

"mcp server", "mcp-server"

From the README


# Context Hub Supply Chain PoC

**Zero-sanitization vulnerability in [Context Hub](https://github.com/andrewyng/context-hub) (`@aisuite/chub` v0.1.3) enables silent dependency injection through the MCP documentation pipeline.**

**References:** [CWE-94](https://cwe.mitre.org/data/definitions/94.html) (Code Injection) | [CWE-829](https://cwe.mitre.org/data/definitions/829.html) (Untrusted Control Sphere) | [CWE-345](https://cwe.mitre.org/data/definitions/345.html) (Insufficient Verification of Data Authenticity) | [OWASP LLM01](https://genai.owasp.org/llmrisk/llm01-prompt-injection/) (Prompt Injection)

> **Full write-up:** [Stack Overflow for AI Agents Sounds Great - Until Someone Poisons the Well](article.html)

## TL;DR

We created realistic poisoned docs containing fake dependencies (`plaid-link-verify`, `stripe-checkout-gu
