Search • Shortlists • Rankings • Digests • Backfill • Incident feed • MCP API

github-noelschwarz/copper

noelschwarz/copper

Copper is an open-source CLI by Basematter that tails MCP (Model Context Protocol) tool calls, redacts secrets, and flags risky ones. See what your AI agent is actually doing.

JSON report • History API • Manage this server • Global feed

Status

Unknown

Score

n/a

Transport

unknown

Tools

Production readiness

Verdict

Metadata only

No live validation evidence exists yet for this entry.

Critical alerts

Production verdicts degrade quickly when critical alerts are active.

Evidence confidence

Confidence score

20.0

No live validation run exists yet; confidence is mostly metadata-derived.

Live checks captured

More direct checks increase trust in the current verdict.

Validation age

n/a

Lower age means fresher evidence.

Recommended for

Metadata-first exploration only

Evidence confidence is still low, so verify the server manually before depending on it.

Client readiness verdicts

Ready for ChatGPT custom connector

Blocked

Requires a streamable HTTP endpoint.; Requires a public remote MCP endpoint.; OpenAI connectors expect OAuth for remote server auth.; Dynamic client registration materially improves connector setup.; Initialize must be reachable.; tools/list must succeed.; OAuth interoperability should be strong.

Confidence: low (20.0)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history, server_card

Disagreements: none

initialize • Missing
tools_list • Missing
transport_compliance_probe • Missing
step_up_auth_probe • Missing
connector_replay_probe • Missing — Frozen tool snapshots must survive refresh.
request_association_probe • Missing — Roots, sampling, and elicitation should stay request-scoped.

Ready for Claude remote MCP

Blocked

Requires a reachable remote MCP URL.; Initialize must succeed or cleanly request auth.; tools/list must succeed.; A useful Claude integration needs at least one exposed tool.; Claude remote wrappers expect HTTP/SSE transports.

Confidence: low (20.0)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history, server_card

Disagreements: none

initialize • Missing
tools_list • Missing
transport_compliance_probe • Missing

Unsafe for write actions

Yes

High-risk write, exec, or destructive tools need stronger auth and confirmation semantics.

Confidence: low (20.0)

Evidence provenance

Winner: live_validation

Supporting sources: live_validation, history

Disagreements: none

action_safety_probe • Missing

Snapshot churn risk

Low

No material tool-surface churn detected in the latest comparison.

Confidence: low (20.0)

Evidence provenance

Winner: history

Supporting sources: history, live_validation

Disagreements: none

tool_snapshot_probe • Missing
connector_replay_probe • Missing

Why not ready by client

ChatGPT custom connector

Blocked

Remediation checklist

No explicit blockers recorded.

Claude remote MCP

Blocked

Remediation checklist

No explicit blockers recorded.

Write-safe publishing

Blocked

Remediation checklist

No explicit blockers recorded.

Verdict traces

Production verdict

Metadata only

No live validation evidence exists yet for this entry.

Confidence: low (20.0)

Winning source: metadata

Triggering alerts

never_validated • high • Server has never been validated

Client verdict trace table

Verdict	Status	Checks	Winning source	Conflicts
`openai_connectors`	Blocked	initialize, tools_list, transport_compliance_probe, step_up_auth_probe, connector_replay_probe, request_association_probe	live_validation	none
`claude_desktop`	Blocked	initialize, tools_list, transport_compliance_probe	live_validation	none
`unsafe_for_write_actions`	Yes	action_safety_probe	live_validation	none
`snapshot_churn_risk`	Low	tool_snapshot_probe, connector_replay_probe	history	none

Publishability policy profiles

ChatGPT custom connector publishability

Caution

Search Fetch Only: No
Write Actions Present: No
Oauth Configured: No
Admin Refresh Required: No
Safe For Company Knowledge: No
Safe For Messages Api Remote Mcp: No

Claude remote MCP publishability

Caution

Search Fetch Only: No
Write Actions Present: No
Oauth Configured: No
Admin Refresh Required: No
Safe For Company Knowledge: No
Safe For Messages Api Remote Mcp: No

Compatibility fixtures

ChatGPT custom connector fixture

Degraded

remote_http_endpoint: Likely to fail
oauth_discovery: Degraded
frozen_tool_snapshot_refresh: Passes
request_association: Passes

Anthropic remote MCP fixture

Degraded

remote_transport: Likely to fail
tool_discovery: Likely to fail
auth_connect: Likely to fail
safe_write_review: Degraded

Authenticated validation sessions

Latest profile

remote_mcp

Authenticated session used

Public score isolation

✓

Preview endpoint

/v1/verify

CI preview endpoint

/v1/ci/preview

Public server reputation

Validation success 7d

n/a

Validation success 30d

n/a

Mean time to recover

n/a

Breaking diffs 30d

Registry drift frequency 30d

Snapshot changes 30d

Incident & change feed

No incidents or changes recorded yet.

Capabilities

OAuth: ✕
DCR/CIMD: ✕
Prompts: ✕
Homepage: https://basematter.dev
Docs: https://basematter.dev
Support: https://github.com/noelschwarz/copper
Icon: https://avatars.githubusercontent.com/u/139234123?v=4
Remote endpoint: none
Server card: none

Use-case taxonomy

development automation

Security posture

Tools analyzed

High-risk tools

Destructive tools

Exec tools

Egress tools

Secret tools

Bulk-access tools

Risk distribution

none

Tool capability & risk inventory

No tool inventory available from the latest validation run.

Write-action governance

Governance status

Missing

Safe to publish

Auth boundary

public_or_unclear

Blast radius

Low

High-risk tools

Confirmation signals

none

Safeguard count

Status detail: No write-action governance evidence is available yet.

Tool	Risk	Flags	Safeguards
No high-risk tools were detected on the latest run.

Action-controls diff

Need at least two validation runs before diffing action controls.

Why this score?

Access & Protocol

0/44

Connectivity, auth, and transport expectations for common clients.

Interface Quality

0/56

How well the tool/resource interface communicates and behaves under automation.

Security Posture

0/36

How safely the exposed tool surface handles destructive actions, egress, execution, secrets, and risky inputs.

Reliability & Trust

0/24

Operational stability, consistency, and trustworthiness over time.

Discovery & Governance

0/28

How well the server is documented, listed, and governed in public registries.

Adoption & Market

0/8

Adoption clues and public evidence that the server is intended for external use.

Algorithmic score breakdown

No score components recorded yet.

Compatibility profiles

OpenAI Connectors

22.2

blocked

Connector URL: https://example.com/mcp
# No OAuth metadata detected.
# Server: github-noelschwarz/copper

Claude Desktop

16.7

blocked

{
  "mcpServers": {
    "copper": {
      "command": "npx",
      "args": ["mcp-remote", "https://example.com/mcp"]
    }
  }
}

Smithery

0.0

blocked

Requires a public remote MCP URL.; Tool discovery must succeed.; Initialize should work before execution.; Metadata quality should be serviceable.; Machine-readable failure semantics should be present.

smithery mcp add "https://example.com/mcp"

Generic Streamable HTTP

0.0

blocked

Requires an HTTP-native transport.; Requires a reachable remote MCP URL.; Initialize must succeed.; tools/list must succeed.; Transport behavior should match metadata.; Session behavior should be predictable.

curl -sS https://example.com/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'

Actionable remediation

Severity	Remediation	Why it matters	Recommended action
High	Respond to server has never been validated	No live validation evidence exists yet for this entry.	Inspect the latest validation evidence and resolve the client-visible regression. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Access & Protocol score	Connectivity, auth, and transport expectations for common clients.	Tighten auth discovery, session behavior, and transport metadata until remote clients can connect without guesswork. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Adoption & Market score	Adoption clues and public evidence that the server is intended for external use.	Increase external documentation and directory coverage so users can discover and evaluate the server. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Discovery & Governance score	How well the server is documented, listed, and governed in public registries.	Fill out homepage, docs, support, license, and registry metadata so directories stay aligned. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Interface Quality score	How well the tool/resource interface communicates and behaves under automation.	Improve schemas, error contracts, and recovery messages so agents can reason about the surface automatically. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Reliability & Trust score	Operational stability, consistency, and trustworthiness over time.	Stabilize behavior over time and reduce failure drift between validation runs. Playbook Inspect the latest validation evidence. Resolve the highest-severity client-facing gap first. Revalidate and confirm the score and verdict improve.
Medium	Raise Security Posture score	How safely the exposed tool surface handles destructive actions, egress, execution, secrets, and risky inputs.	Reduce destructive, egress, exec, secret, and freeform-input risk across the exposed tool surface. Playbook Classify each tool by read/write/delete/exec/network capability and confirm the classification is intentional. Gate high-risk tools behind scoped auth, narrow their schemas, and document safeguards such as allowlists or dry-run paths. Revalidate after the risky tools are tightened so the security posture score reflects the current surface.

Point loss breakdown

No current score penalties are recorded.

Validation diff

Need at least two validation runs before diffing changes.

Tool snapshot diff & changelog

Need at least two validation runs before building a tool changelog.

Connector replay

Status

Missing

Backward compatible

Would break after refresh

Added tools

none

Removed tools

none

Additive output changes

none

Required-argument replay breaks

Tool	Added required args	Removed required args
No required-argument replay breaks detected.

Output-schema replay breaks

Tool	Removed properties	Added properties
No output-schema replay breaks detected.

Transport compliance drilldown

Probe status

Missing

Transport

unknown

Session header

Protocol header

Bad protocol response

n/a

DELETE teardown

n/a

Expired session retry

n/a

Last-Event-ID visible

Issues: none

Request association

Status

Missing

Advertised capabilities

none

Observed idle methods

none

Violating methods

none

Probe HTTP status

n/a

Issues

none

Utility coverage

Probe status

Missing

Completions

not detected

Completion probe target: none

Pagination

not detected

No nextCursor evidence.

Tasks

Missing

Advertised: no

Benchmark tasks

Benchmark task	Status	Evidence
Discover tools	Likely to fail	`initialize` • Missing `tools_list` • Missing
Read-only fetch flow	Likely to fail	`resource_read` • Missing `read_only_tool_surface` • Missing
OAuth-required connect	Degraded	`oauth_protected_resource` • Missing `step_up_auth_probe` • Missing
Safe write flow with confirmation	Likely to fail	`action_safety_probe` • Missing

Registry & provenance divergence

Probe status

Missing

Direct official match

Drift fields

none

Field	Registry	Live server card
Title	n/a	n/a
Version	n/a	n/a
Homepage	n/a	n/a

Active alerts

Server has never been validated (high)
No live validation evidence exists yet for this entry.

Aliases & registry graph

Identifier	Source	Canonical	Score
`github-noelschwarz/copper`	github_topic_registry	yes	n/a

Alias consolidation

Canonical identifier

github-noelschwarz/copper

Duplicate aliases

Registry sources

github_topic_registry

Remote URLs

none

Homepages

https://basematter.dev

Source disagreements

Field	What differs	Observed values
No source disagreements detected.

Install snippets

Openai Connectors

Connector URL: https://example.com/mcp
# No OAuth metadata detected.
# Server: github-noelschwarz/copper

Claude Desktop

{
  "mcpServers": {
    "copper": {
      "command": "npx",
      "args": ["mcp-remote", "https://example.com/mcp"]
    }
  }
}

Smithery

smithery mcp add "https://example.com/mcp"

Generic Http

curl -sS https://example.com/mcp -H 'content-type: application/json' -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"mcp-verify","version":"0.1.0"}}}'

Agent access & tool surface

Live server tools

No live tool surface captured yet.

Observed from the latest live validation against none. This is the target server surface, not Verify's own inspection tools.

Live capability counts

0 tools • 0 prompts • 0 resources

Counts come from the latest tools/list, prompts/list, and resources/list checks.

Inspect with Verify

search_servers recommend_servers get_server_report compare_servers

Use Verify itself to search, recommend, compare, and fetch the full report for github-noelschwarz/copper.

Direct machine links

JSON report • Compare this server • Verify MCP API

Claims & monitoring

Server ownership

No verified maintainer claim recorded.

Watch subscriptions

Teams: none

Alert routing

Active watches

Generic webhooks

Slack routes

Teams routes

Email routes

Watch	Team	Channels	Minimum severity
No active watch destinations.

Maintainer analytics

Validation Run Count

Average Latency Ms

None

Healthy Run Ratio Recent

None

Registry Presence Count

Active Alert Count

Watcher Count

Verified Claim

False

Taxonomy Tags

development, automation

Score Trend

none

Remediation Count

High Risk Tool Count

Destructive Tool Count

Exec Tool Count

Maintainer response quality

Score

33.33

Verified claim

Support contact

✓

Changelog present

Incident notes present

Tool changes documented

✓

Annotation history

Annotation count

Maintainer annotations

No maintainer annotations have been recorded yet.

Maintainer rebuttals & expected behavior

No maintainer rebuttals or expected-behavior overrides are recorded yet.

Latest validation evidence

No validation run available yet.

Raw evidence view

Show raw JSON evidence

{
  "checks": {},
  "failures": {},
  "remote_url": null,
  "server_card_payload": null,
  "server_identifier": "github-noelschwarz/copper"
}

Known versions

No versions recorded.

Validation history

7 day score delta

n/a

30 day score delta

n/a

Recent healthy ratio

n/a

Freshness

n/a

Timestamp	Status	Score	Latency	Tools
Not enough history for trend points yet.

Validation timeline

No validation timeline is available yet.

Recent validation runs

Started	Status	Summary	Latency	Checks
No validation runs yet.