Add MseeP.ai badge#315
Conversation
|
@mseep-ai is attempting to deploy a commit to the Million Team on Vercel. A member of the Team first needs to authorize it. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit d9ff8a8. Configure here.
| @@ -1,3 +1,5 @@ | |||
| [](https://mseep.ai/app/aidenybai-react-grab) | |||
There was a problem hiding this comment.
Unsolicited third-party badge propagates to npm package
Medium Severity
An external third-party badge linking to mseep.net (image) and mseep.ai (click target) is added above the project title. Because the build script copies the root README.md into packages/react-grab/README.md, this badge will be distributed to all npm package consumers. The remote image can act as a tracking pixel (leaking viewer IP/User-Agent), and the external domains are outside project maintainer control, creating a vector for future abuse if the domain changes hands.
Reviewed by Cursor Bugbot for commit d9ff8a8. Configure here.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 1 file
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="README.md">
<violation number="1" location="README.md:1">
P2: This externally-hosted badge image (`mseep.net`) is outside project maintainer control and will be rendered on the npm package page, where it can function as a tracking pixel (leaking viewer IP and User-Agent). If the domain changes hands in the future, the image could be replaced with arbitrary content. Additionally, this is an unsolicited PR from a third party adding their branding to the project.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| @@ -1,3 +1,5 @@ | |||
| [](https://mseep.ai/app/aidenybai-react-grab) | |||
There was a problem hiding this comment.
P2: This externally-hosted badge image (mseep.net) is outside project maintainer control and will be rendered on the npm package page, where it can function as a tracking pixel (leaking viewer IP and User-Agent). If the domain changes hands in the future, the image could be replaced with arbitrary content. Additionally, this is an unsolicited PR from a third party adding their branding to the project.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At README.md, line 1:
<comment>This externally-hosted badge image (`mseep.net`) is outside project maintainer control and will be rendered on the npm package page, where it can function as a tracking pixel (leaking viewer IP and User-Agent). If the domain changes hands in the future, the image could be replaced with arbitrary content. Additionally, this is an unsolicited PR from a third party adding their branding to the project.</comment>
<file context>
@@ -1,3 +1,5 @@
+[](https://mseep.ai/app/aidenybai-react-grab)
+
# <img src="https://github.com/aidenybai/react-grab/blob/main/.github/public/logo.png?raw=true" width="60" align="center" /> React Grab
</file context>
1 participant
Hi there,
This pull request shares a security update on react-grab.
We also have an entry for react-grab in our directory, MseeP.ai, where we provide regular security and trust updates on your app.
We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of react-grab.
You can easily take control over your listing for free: visit it at https://mseep.ai/app/aidenybai-react-grab.
Thanks,
The MseeP Team
MCP servers you can trust
Note
Low Risk
Low risk documentation-only change; no runtime code or dependencies are modified.
Overview
Adds an MseeP.ai Security Assessment Badge to
README.md, linking to the project’s MseeP.ai listing.Reviewed by Cursor Bugbot for commit d9ff8a8. Bugbot is set up for automated code reviews on this repo. Configure here.
Summary by cubic
Added MseeP.ai security assessment badge to the
react-grabREADME to display third-party security status and link to the project’s listing. The badge is placed at the top of the README for visibility.Written for commit d9ff8a8. Summary will update on new commits. Review in cubic