Skip to content
ai-supply.store
DécouvrirCatégoriesClassementsCommunautéAgent APIFAQ
Se connecterInscription gratuite
catalog / Research / Exa MCP Server
◇MCP serverResearchFree

Exa MCP Server

Connects AI assistants to Exa web search, code search, and company/deep research.

@ai-supply
Installations1.4k
↗ Dépôt source
← More ResearchResearch leaderboard →How we grade security →Source ↗

Exa MCP Server

The Exa MCP Server connects AI assistants to Exa's search capabilities through the Model Context Protocol.

It exposes tools for real-time web search, code search, and company/deep research, returning high-quality, relevant results that an agent can use as grounded context. Exa also offers a hosted MCP endpoint for zero-install setup.

It is intended for developers who want to give their agents fast, high-signal web and research search.

Rating rank
#1
of 16 in Research
Install rank
#16
of 16 in Research
Security score
100/100 · A
safe
Security rank
#1
of 16 in Research
Installs
1.4k
cat avg 51k
This listing vs category average
Installs
this
cat avg
Security (of 100)
this
cat avg
Adoption trend
See the Research leaderboard →
✓ Security: Safe · 100100/100 · grade Ascanned 34m ago
✓ no compromise signals16 risk-surface · 10/20 OWASP controls flagged

Only compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score. Dangerous-by-capability traits are risk surface, expected for some capabilities. Every finding is mapped to the OWASP control it belongs to below.

What this capability can do · high confidence (static)
Tools (12)
agent_cancel_runagent_create_runagent_get_run_outputagent_wait_for_runcompany_research_exadeep_researcher_checkdeep_researcher_startdeep_search_exaget_code_context_exalinkedin_search_exapeople_search_exaweb_search_advanced_exa
⚑ filesystem⚑ network⚑ secrets
egress → docs.exa.ai, mcp.exa.ai, img.shields.io, cursor.com, vscode.dev, badge.fury.io, www.npmjs.com, dashboard.exa.ai +25

Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any flagged control for the exact findings — compromise reduces the score; expected/risk-surface do not.

OWASP Top 10 for LLM Applications
⚠LLM01Prompt Injectionhigh
Adversarial instructions embedded in an artifact that hijack a downstream LLM.
•Prompt-injection phrasing — instruction-subversion language detected · exa-labs-exa-mcp-server-c4b419a/llm_mcp_docs.txt (CWE-77)expected
⚠LLM02Sensitive Information Disclosurehigh
Secrets, credentials or PII shipped inside the artifact.
•Embedded credentials — found: hardcoded credential · exa-labs-exa-mcp-server-c4b419a/tests/unit/api/mcp.test.ts (CWE-798)expected
⚠LLM03Supply Chainhigh
Vulnerable/compromised dependencies, models or archives in the artifact.
•Dependency manifest — 17 npm dependencies declared · exa-labs-exa-mcp-server-c4b419a/package.jsonrisk surface
•Vulnerable dependencies — 51 known vulnerabilities in: @tootallnate/once@2.0.0, ajv@8.6.3, axios@1.15.2, debug@4.1.1, esbuild@0.14.47, esbuild@0.27.7, fast-uri@3.1.0, form-data@4.0.5 (CWE-1395)risk surface
⚠LLM05Improper Output Handlinghigh
Code that pipes model/user output into shell, eval, SQL or paths unsafely.
•Path traversal sequences — '../' present in content or name · exa-labs-exa-mcp-server-c4b419a/api/mcp.ts (CWE-22)risk surface
•Suspicious code patterns — pipe-to-shell install · exa-labs-exa-mcp-server-c4b419a/llm_mcp_docs.txt (CWE-494)risk surface
⚠LLM07System Prompt Leakagehigh
Secrets, internal hosts or proprietary logic exposed in shipped prompts.
•Embedded credentials — found: hardcoded credential · exa-labs-exa-mcp-server-c4b419a/tests/unit/api/mcp.test.ts (CWE-798)expected
⚠LLM06Excessive Agencymedium
Over-broad tool/permission surface or unrestricted egress.
•External endpoints declared — 3 distinct host(s) · exa-labs-exa-mcp-server-c4b419a/.claude-plugin/marketplace.jsonrisk surface
•External endpoints declared — 2 distinct host(s) · exa-labs-exa-mcp-server-c4b419a/.claude-plugin/plugin.jsonrisk surface
•Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege · exa-labs-exa-mcp-server-c4b419a/README.md (CWE-272)risk surface
•External endpoints declared — 12 distinct host(s) · exa-labs-exa-mcp-server-c4b419a/README.mdrisk surface
•External endpoints declared — 1 distinct host(s) · exa-labs-exa-mcp-server-c4b419a/env.examplerisk surface
•Broad capability surface — 5 high-impact capability categories referenced — verify least-privilege · exa-labs-exa-mcp-server-c4b419a/llm_mcp_docs.txt (CWE-272)risk surface
•External endpoints declared — 76 distinct host(s) · exa-labs-exa-mcp-server-c4b419a/llm_mcp_docs.txtrisk surface
•External endpoints declared — 7 distinct host(s) · exa-labs-exa-mcp-server-c4b419a/npm.readme.mdrisk surface
•External endpoints declared — 4 distinct host(s) · exa-labs-exa-mcp-server-c4b419a/tests/unit/api/mcp.test.tsrisk surface
⚠LLM10Unbounded Consumptionmedium
Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
•Potentially unbounded loop — an infinite loop (while True / while(1) / for(;;)) may cause runaway consumption · exa-labs-exa-mcp-server-c4b419a/llm_mcp_docs.txt (CWE-835)risk surface
§LLM09MisinformationGovernance
Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
✓LLM04Data and Model PoisoningPassed
Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
✓LLM08Vector and Embedding WeaknessesPassed
PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
OWASP Machine Learning Security Top 10
⚠ML02Data Poisoninghigh
Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
•Prompt-injection phrasing — instruction-subversion language detected · exa-labs-exa-mcp-server-c4b419a/llm_mcp_docs.txt (CWE-77)expected
⚠ML06AI Supply Chainhigh
Compromised PyPI/npm packages, typosquats, unsafe serialized models.
•Dependency manifest — 17 npm dependencies declared · exa-labs-exa-mcp-server-c4b419a/package.jsonrisk surface
•Vulnerable dependencies — 51 known vulnerabilities in: @tootallnate/once@2.0.0, ajv@8.6.3, axios@1.15.2, debug@4.1.1, esbuild@0.14.47, esbuild@0.27.7, fast-uri@3.1.0, form-data@4.0.5 (CWE-1395)risk surface
⚠ML09Output Integrityhigh
Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
•Path traversal sequences — '../' present in content or name · exa-labs-exa-mcp-server-c4b419a/api/mcp.ts (CWE-22)risk surface
•Suspicious code patterns — pipe-to-shell install · exa-labs-exa-mcp-server-c4b419a/llm_mcp_docs.txt (CWE-494)risk surface
§ML01Input Manipulation (Adversarial)Governance
Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
§ML03Model InversionGovernance
Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ML04Membership InferenceGovernance
Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
§ML08Model SkewingGovernance
Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
✓ML05Model TheftPassed
Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
✓ML07Transfer Learning AttackPassed
Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
✓ML10Model Poisoning (Weights)Passed
Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.
Other findings (6) · hygiene / uncategorized
•Unrecognized file type — '.gitignore' is not on the allowlist · exa-labs-exa-mcp-server-c4b419a/.gitignorerisk surface
•Unrecognized file type — '.npmignore' is not on the allowlist · exa-labs-exa-mcp-server-c4b419a/.npmignorerisk surface
•Unrecognized file type — '.vercelignore' is not on the allowlist · exa-labs-exa-mcp-server-c4b419a/.vercelignorerisk surface
•Unrecognized file type — '.?' is not on the allowlist · exa-labs-exa-mcp-server-c4b419a/Dockerfilerisk surface
•Unrecognized file type — '.example' is not on the allowlist · exa-labs-exa-mcp-server-c4b419a/env.examplerisk surface
•Possible obfuscation — very long lines · exa-labs-exa-mcp-server-c4b419a/src/tools/companyResearch.tsrisk surface
✔ verified source · pinned exa-labs-exa-mcp-server-c4b419a · changed since last scan · +egress docs.exa.ai, img.shields.io, cursor.com, vscode.dev, badge.fury.io, www.npmjs.com, lmstudio.ai, files.lmstudio.ai, replit.com, registry.npmjs.org, opencollective.com, dotenvx.com, tidelift.com, www.patreon.com, feross.org, static.modelcontextprotocol.io, source-1.com, source-2.com, subject-website.com, company.com, promising-url-1.com, promising-url-2.com
Check against a policy

The same gate an agent runs before installing (POST /api/v1/trust/exa-mcp-server/check). Click a policy:

Consume Exa MCP Server programmatically. Authenticate with an API key or session — see Authorize an agent.

# Agents: CHECK BEFORE YOU INSTALL (no auth) — score, grade, level, capability manifest
curl https://ai-supply.store/api/v1/trust/exa-mcp-server

# Gate against your org policy (returns { pass, violations })
curl -X POST https://ai-supply.store/api/v1/trust/exa-mcp-server/check \
  -H "Content-Type: application/json" \
  -d '{"minGrade":"B","denyPermissions":["shell"],"denyUnknownEgress":true}'

# CLI
npx ai-supply add exa-mcp-server

# REST (install → download)
curl -X POST https://ai-supply.store/api/v1/listings/exa-mcp-server/install \
  -H "Authorization: Bearer $AIM_KEY"

# MCP tool
install_listing({ "slug": "exa-mcp-server" })
OpenAPI spec →
vlatest
✓ Security: Safe · 1005h ago

Curated mirror — latest upstream source. See the repository for tagged releases.

Sign in and install this listing to leave a review.

More from @ai-supply

View profile →
◉Agent
MetaGPT
Multi-agent framework that assigns GPT roles (PM, engineer, QA) to solve complex software tasks end-to-end.
↓ 1.0M
⇄Connector
vLLM
High-throughput, memory-efficient LLM inference engine with PagedAttention and continuous batching.
↓ 892k
⇄Connector
Meilisearch
Lightning-fast open-source search engine with typo-tolerance, semantic hybrid search, and sub-50ms response times.
↓ 811k
△Eval
Weights & Biases (wandb)
ML experiment tracking and visualization — log metrics, hyperparameters, models, and media in real time.
↓ 784k
ai-supply.store

Des capacités d'IA gratuites et vérifiées pour la sécurité — skills, MCP, plugins, agents, datasets et bien plus, chacune notée et suivie pour rester à jour, et pensée autant pour les humains que pour les agents.

api · v3.1status · all green
Contact
support@ai-supply.storesecurity@ai-supply.store
Catalogue
  • Découvrir
  • Catégories
  • Classements
  • Benchmarks
  • Sécurité
Communauté
  • Communauté
  • FAQ
Pour les agents
  • Démarrage rapide (60s)
  • Autoriser un agent
  • Agent API
  • Spécification OpenAPI
Pour les développeurs
  • Publier
  • Tableau de bord
Compte
  • Créer un compte
  • Se connecter
  • Paramètres
Mentions légales
  • Conditions
  • Accord éditeur
  • Utilisation acceptable
  • Confidentialité