Does @modelcontextprotocol/server-everything send data, and where? — data-flow verdict

provisional · AUTOMATED — forensic confirmation pending. A preliminary, fact-based result, not a judgment.

Verdict (the facts)

Tool

npm/@modelcontextprotocol/server-everything

Integrity axis

honest — Observed behaviour matches its description; no undisclosed recipient.

Data-flow axis

No network egress to external destinations was observed — the tool ran purely locally.

Disclosure

n/a — No external egress was observed; there is nothing to disclose.

Capture self-test

verified

Severity

none — integrity axis (no undeclared exfiltration; no egress at all).

Version (pinned)

2026.1.26 · commit a1e5a9a9b186f00462a8a2448ee041728ce052d5

Content hash

sha256:01e6bc6424e64b4ae3ec52f4c8ef04de60ee401597e2c52b97f6e52739132614

Signature

ed25519:tLlzH66Z95ENfde1wOcE/YUq6Bw3SorR7whFM5… · Ed25519 public key · sha256:49cf8457b42a7048

Scanned

2026-06-13T00:00:00Z — Pinned to @modelcontextprotocol/server-everything@2026.1.26 (git a1e5a9a9b186f00462a8a2448ee041728ce052d5), published 2026-01-27. This verdict applies to that exact version; a newer release would require a re-scan.

Re-verified

2026-06-14 — pinned version current

Categories

dev-tools no-egress published

Observation history

1 scan(s); first seen 2026-06-13T00:00:00Z · latest 2026-06-13T00:00:00Z

Observed egress destinations

Jurisdiction context:

Disclosure check (the §824 evidence)

Read

Quoted from the tool's own docs

“”

Match

No external egress was observed; there is nothing to disclose.

Residual gap

How we know this — claims by basis

A verdict is a reproducible evidence container, not just a claim. Each assertion is tagged: an observation is in the capture and reproducible; an inference is our reasoning over it; documented is the tool’s own statement; a classification is our adversarially-reviewed judgment. Observation never reads as inference.

Observed — directly in the capture, reproducible

• No network egress to an external destination was observed during the scan. — Capture self-test: verified — a decoy beacon emitted from the tool's own network context appeared in the intercept, so the absence is a verified negative, not a blind spot. (confidence: high)

Classified — our adversarially-reviewed judgment

• No telemetry, analytics or error-reporting side-channel was found. — Reviewed against the tool's observed behaviour in the run. (confidence: medium)

Method

Installed and run in an isolated container; fed traceable decoy data; all outbound traffic intercepted (TLS broken via own CA, iptables transparent redirect). A beacon self-test confirmed the capture was live.

Scope

Compares the tool's declared destinations against what was observed in one sandbox run. Checks transparency / integrity for a cooperative tool, NOT resistance to deliberate evasion. "honest"/"clean" means "observed without deviation within our reach", NOT "guaranteed no hidden egress". Out of scope: exfiltration split/chunked across requests; tool-side encryption of the payload before egress; input/time/state-triggered processing not triggered in the run.

Machine-readable verdict: /verdict/everything.json. This page describes observed behaviour and its relation to the tool's own disclosures — it is not a legal judgment. Search context: does @modelcontextprotocol/server-everything send data, @modelcontextprotocol/server-everything privacy, @modelcontextprotocol/server-everything data flow, @modelcontextprotocol/server-everything telemetry, where does @modelcontextprotocol/server-everything send data, is @modelcontextprotocol/server-everything safe, what data does @modelcontextprotocol/server-everything collect, how to disable @modelcontextprotocol/server-everything telemetry, @modelcontextprotocol/server-everything opt out tracking, @modelcontextprotocol/server-everything GDPR data residency, @modelcontextprotocol/server-everything third-party / jurisdiction.