Agentic Beehive MCP Server
Pass. Audited by ClawScan on May 13, 2026.
Overview
This appears to be a coherent local MCP server, but it keeps persistent local state and can contact external endpoints that are registered with it.
Install this only if you want a local MCP server that stores agent state and can contact registered external data or agent endpoints. Verify the full `server.py` before installing because the provided source excerpt is marked truncated, pin or review Python dependencies, and avoid registering untrusted URLs or storing secrets in the Beehive database.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future or compromised dependency version could change what code runs in the local MCP server environment.
The skill relies on a manually installed, unpinned Python package. This is expected for a Python MCP server, but dependency provenance and version pinning are left to the user.
python3 -m venv .venv
source .venv/bin/activate
pip install fastmcp
Install in a virtual environment, verify the package source, and consider pinning `fastmcp` to a known version before use.
Incorrect, stale, or untrusted entries in the local Beehive database could affect future recommendations or status summaries.
The skill intentionally stores persistent agent state, including branches, colonies, alerts, and evolution logs, which may later influence agent decisions.
Storage: SQLite (`beehive.db`), WAL mode. Tables: branches, colonies, alerts, evolution_log
Treat the database as persistent agent memory; review or clear `beehive.db` if it contains unwanted state, and avoid storing secrets in colony metadata or alerts.
If an untrusted or internal URL is registered, the agent may make network requests from the user's machine to that endpoint.
The server lets colonies be registered with arbitrary endpoints and then polls those endpoints over HTTP. This is disclosed and purpose-aligned, but trust, identity, and network boundaries are not enforced in the visible code.
def colony_register(name: str, colony_type: str, endpoint: str = "", metadata: str = "{}") -> dict:
...
resp = httpx.get(row["endpoint"], timeout=5.0)
Register only trusted endpoints, avoid sensitive localhost/internal URLs unless intended, and add allowlists or authentication if this is used in a shared or production environment.
