Skip to content
Discussion options

You must be logged in to vote

Yes — we did a comprehensive audit. 8 research agents, source code analysis, hands-on testing of every major tool category.

Beyond the dependency vulns you found, here's what the code itself does:

~290 of 300+ MCP tools are stubs. They accept input and return JSON but don't execute anything:

  • agent_spawn{status: 'idle', taskCount: 0} forever
  • neural_train → reports Math.random() accuracy, predictions always 'coder'
  • wasm_agent_prompt → echoes input back
  • verifySignature() in consensus → unconditionally returns true
  • All consensus types (byzantine/raft/queen) → same JSON file handler

~10 tools actually work: memory/HNSW vector search, embeddings, terminal, sessions.

Token Optimizer claims …

Replies: 1 comment

Comment options

You must be logged in to vote
0 replies
Answer selected by andrewgwallace
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants