Security audit
SayDeploy
Security checks across malware telemetry and agentic risk
Overview
SayDeploy is purpose-aligned, but it gives an auto-downloaded MCP tool broad authority over cloud, payment, database, and developer accounts with unclear limits.
Install only if you trust SayDeploy and are comfortable giving it access to the listed services. Prefer test or least-privilege accounts, check the scopes requested during pairing, require explicit approval for writes/deployments, and be cautious because the MCP server runs an unpinned `saydeploy@latest` package.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Static analysis
No suspicious patterns detected.
