{ "report": { "version": "1.0", "server": { "slug": "mcp-deepwiki-com-20260516082508-a4cfb2", "name": "mcp.deepwiki.com", "github_url": null, "scan_id": "ea225ec1-d8ce-44d7-b6db-6ea34d638eb0" }, "framework": { "id": "eu_ai_act", "name": "EU AI Act", "version": "2024/1689", "last_updated": "2026-04-23", "source_url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R1689" }, "assessment": { "assessed_at": "2026-05-16T08:25:08.606Z", "rules_version": "2026-04-23", "sentinel_version": "0.4.0", "coverage_band": "medium", "coverage_ratio": 0.7, "techniques_run": [ "ast-taint", "capability-graph", "entropy", "linguistic-scoring", "schema-inference" ] }, "controls": [ { "control_id": "Art.9", "control_name": "Risk Management System", "control_description": "High-risk AI providers must establish, implement, and maintain a risk management system covering the entire lifecycle, including analysis of reasonably foreseeable misuse and supply-chain risk.", "source_url": "https://artificialintelligenceact.eu/article/9/", "status": "met", "evidence": [], "rationale": "22 assessor rule(s) evaluated this control; no findings observed.", "required_mitigations": [], "assessor_rule_ids": [ "D1", "D2", "D3", "D4", "D5", "D6", "D7", "K9", "K10", "K11", "L1", "L2", "L3", "L5", "L6", "L7", "L8", "L10", "L12", "L13", "Q4", "Q13" ] }, { "control_id": "Art.12", "control_name": "Record-Keeping", "control_description": "High-risk AI systems must automatically record events ('logs') over the system lifetime to ensure traceability of the system's functioning appropriate for the intended purpose.", "source_url": "https://artificialintelligenceact.eu/article/12/", "status": "met", "evidence": [], "rationale": "5 assessor rule(s) evaluated this control; no findings observed.", "required_mitigations": [], "assessor_rule_ids": [ "K1", "K2", "K3", "K20", "E3" ] }, { "control_id": "Art.13", "control_name": "Transparency & Provision of Information to Deployers", "control_description": "High-risk AI systems must be sufficiently transparent to enable deployers to interpret the system's output appropriately, including capabilities, limitations, and the conditions of intended use.", "source_url": "https://artificialintelligenceact.eu/article/13/", "status": "met", "evidence": [], "rationale": "14 assessor rule(s) evaluated this control; no findings observed.", "required_mitigations": [], "assessor_rule_ids": [ "A2", "A4", "A6", "A8", "F2", "F5", "G6", "I1", "I2", "I5", "I16", "K12", "K13", "L15" ] }, { "control_id": "Art.14", "control_name": "Human Oversight", "control_description": "High-risk AI systems must be designed so that they can be effectively overseen by natural persons during use. Covers the ability to fully understand, monitor, and intervene in the system's operation.", "source_url": "https://artificialintelligenceact.eu/article/14/", "status": "met", "evidence": [], "rationale": "13 assessor rule(s) evaluated this control; no findings observed.", "required_mitigations": [], "assessor_rule_ids": [ "K4", "K5", "I12", "M5", "M6", "Q15", "H3", "F1", "F6", "J1", "K14", "K15", "Q10" ] }, { "control_id": "Art.15", "control_name": "Accuracy, Robustness, and Cybersecurity", "control_description": "High-risk AI systems must achieve appropriate levels of accuracy, robustness, and cybersecurity throughout their lifecycle. Covers resilience against errors, faults, and adversarial manipulation.", "source_url": "https://artificialintelligenceact.eu/article/15/", "status": "partial", "evidence": [ { "finding_id": "324ac4a6-8623-4c40-8622-fe6a823ae2ba", "rule_id": "B1", "severity": "medium", "evidence_summary": "SOURCE: user-parameter at tool read_wiki_structure — Tool \"read_wiki_structure\" accepts parameters without structural validation. The AI fills each parameter from user input; nothing in the schema rej", "confidence": 0.77 }, { "finding_id": "48a91f4f-2ee7-4b41-b65e-c0071f3573b6", "rule_id": "B1", "severity": "medium", "evidence_summary": "SOURCE: user-parameter at tool read_wiki_contents — Tool \"read_wiki_contents\" accepts parameters without structural validation. The AI fills each parameter from user input; nothing in the schema rejec", "confidence": 0.77 }, { "finding_id": "6aec3e33-4bc2-465a-b05e-a7c419b81ef1", "rule_id": "B1", "severity": "medium", "evidence_summary": "SOURCE: user-parameter at tool ask_question — Tool \"ask_question\" accepts parameters without structural validation. The AI fills each parameter from user input; nothing in the schema rejects injection", "confidence": 0.77 }, { "finding_id": "ee16e871-7791-49c4-a1fa-19b7eeddc96b", "rule_id": "B6", "severity": "medium", "evidence_summary": "SOURCE: user-parameter at tool read_wiki_structure — Tool \"read_wiki_structure\" input_schema accepts arbitrary extra keys. The declared properties are validated, but the handler may read undeclared ke", "confidence": 0.75 }, { "finding_id": "be99f936-40d2-418d-924d-f01b8faaf50b", "rule_id": "B6", "severity": "medium", "evidence_summary": "SOURCE: user-parameter at tool read_wiki_contents — Tool \"read_wiki_contents\" input_schema accepts arbitrary extra keys. The declared properties are validated, but the handler may read undeclared keys", "confidence": 0.75 }, { "finding_id": "f3411b16-ffd9-4940-b8c1-aaad2e03ba37", "rule_id": "B6", "severity": "medium", "evidence_summary": "SOURCE: user-parameter at tool ask_question — Tool \"ask_question\" input_schema accepts arbitrary extra keys. The declared properties are validated, but the handler may read undeclared keys that bypass", "confidence": 0.75 }, { "finding_id": "5bc7066c-4a00-411f-b6a9-b7325672fd62", "rule_id": "E1", "severity": "medium", "evidence_summary": "SOURCE: environment at capability:tools — An MCP server that answers tool enumeration without authentication trusts the network. Under modern threat models (CCS 2007 DNS rebinding, open cloud networki", "confidence": 0.75 } ], "rationale": "111 assessor rule(s) evaluated this control; 7 finding(s) observed (7 medium); all findings are below the high threshold (status: partial).", "required_mitigations": [ "Add at least one validation keyword to every string and number parameter. For strings: maxLength, pattern, format, or enum. For numbers: minimum, maximum, or multipleOf. JSON Schema validation runs before the tool handler and is the cheapest first-line defence against injection and DoS.", "Set additionalProperties: false on every object schema. This rejects any key outside the declared properties, closing the side-channel smuggling path and enforcing the schema's stated contract.", "Require authentication for all MCP server connections. For remote MCP servers adopt OAuth 2.0 per RFC 9700 / the MCP Authorization specification. For stdio-launched servers rely on the parent process's security boundary and DO NOT expose the same server over network transports. Even localhost-bound servers should require auth: DNS rebinding (CCS 2007) makes localhost reachable from any browser tab." ], "assessor_rule_ids": [ "A1", "A3", "A5", "A7", "A9", "B1", "B2", "B3", "B4", "B5", "B6", "B7", "C1", "C2", "C3", "C4", "C5", "C6", "C7", "C8", "C9", "C10", "C11", "C12", "C13", "C14", "C15", "C16", "E1", "E2", "E4", "F3", "F4", "F7", "G1", "G2", "G3", "G4", "G5", "G7", "H1", "H2", "I3", "I4", "I6", "I7", "I8", "I9", "I10", "I11", "I13", "I15", "J2", "J3", "J4", "J5", "J6", "J7", "K6", "K7", "K8", "K16", "K17", "K18", "K19", "L4", "L9", "L11", "L14", "M1", "M2", "M4", "M7", "M8", "M9", "N1", "N2", "N3", "N4", "N5", "N6", "N7", "N8", "N9", "N10", "N11", "N12", "N13", "N14", "N15", "O4", "O5", "O6", "O8", "O9", "O10", "P1", "P2", "P3", "P4", "P5", "P6", "P7", "P8", "P9", "P10", "Q3", "Q6", "Q7", "Q10", "Q15" ] } ], "summary": { "total_controls": 5, "met": 4, "unmet": 0, "partial": 1, "not_applicable": 0, "overall_status": "partially_compliant" }, "kill_chains": [], "executive_summary": "Assessment of mcp.deepwiki.com against EU AI Act: overall status partially compliant. Of 5 controls, 4 met, 0 unmet, 1 partial, 0 not applicable. 5 control(s) fell within MCP Sentinel's current assessor coverage; remaining control(s) are documented as not_applicable until Phase 6 expands coverage. No control is unmet, but partial findings indicate residual risk below the mandatory threshold. All claims are traceable to individual finding rows via finding_id and to the governing rule via rule_id; the enclosing signed envelope commits MCP Sentinel to the exact bytes of this report." }, "attestation": { "algorithm": "HMAC-SHA256", "signature": "CpkFWFhBz+U6KxMUxRz0skeeftZpGwZhM9U0uCMtisU=", "key_id": "mcp-sentinel-dev", "signed_at": "2026-05-16T11:06:31.540Z", "signer": "mcp-sentinel/v1", "canonicalization": "RFC8785" } }