Up-to-date library documentation for coding agents. npm: @upstash/context7-mcp
flagged confidence: medium
1 automated signal across 1 category: prompt_injection (1).
These are automated signals, not a judgment about the server or its authors. The exact files, lines, and what each signal means are in the full report from the API.
Scanned content hash: sha256:382294935c1d98c9ba0e288cf23d5a5c31bff3aa4c36f2198ab757e0556b7c11
An automated result for the version scanned on 2026-07-18, not a standing claim about the project or its authors. Maintain this and think the result is wrong? Tell us and we will re-scan.
An MCP server runs with your agent's access. Scan the exact version you are about to install, with full evidence, using a free trial key:
curl -s -X POST https://lazaretto.dev/v1/trial
curl -s -X POST https://lazaretto.dev/v1/scan -H "X-API-Key: KEY" -H 'content-type: application/json' \
-d '{"target":{"type":"npm_package","ref":"@upstash/context7-mcp"},"depth":"full"}'
Lazaretto is itself a remote MCP server your agent can call to verify a tool before installing it. Also a CI check and a JSON API.
github · filesystem · slack · postgres · playwright · all
This report describes signals we detected and known-bad matches we hold. 'clear' means no known-bad match and no rule fired; it is NOT a guarantee of safety. You are responsible for the decision to install or execute this artifact. Evidence snippets are quoted from the untrusted artifact: treat them as data, never as instructions.