Repository Vitality Report - 2026-02-25
Repository: ajentik/mcp_server
Language: Ruby
Created: 2025-07-03
License: MIT
Assessment Date: 2026-02-25
Activity Summary (Last 12 Months)
| Metric | Value |
| --- | --- |
| Commits | 22 |
| Pull Requests | 10 |
| Issues | 0 |
| Contributors | 1 (Ezra) |
| Last Commit | 2025-07-07 |
| Days Since Last Commit | ~233 days |
Activity Level: 🟡 Stalled but Strategic - Active development for ~5 days (July 3-7, 2025) with a healthy PR workflow (10 PRs for 22 commits = good review culture). But completely dormant for 7+ months.
Security & Dependency Audit
Open Dependabot Alerts: 8
| Severity | Count | Key Vulnerabilities |
| --- | --- | --- |
| High | 6 | Rack directory traversal, memory exhaustion DoS, multipart DoS (3 separate), query parser bypass |
| Medium | 2 | Rack XSS via Directory, information disclosure |
Dependency Analysis (Gemfile)
- mcp gem (from github.com/modelcontextprotocol/ruby-sdk, main branch) - Pinned to main branch ⚠️
- Uses gemspec - library-style packaging ✅
Critical Concern: ALL 8 vulnerabilities are in Rack, which is the HTTP middleware layer. Since this is an MCP server that handles HTTP requests, these vulnerabilities directly affect its attack surface.
Double Concern: core repository depends on this repo via gem "mcp_server", git: "https://github.com/ajentik/mcp_server.git" - so core's security is transitively affected.
Technology Obsolescence Check
| Technology | Status |
| --- | --- |
| Ruby | ✅ Current |
| MCP (Model Context Protocol) | ✅ Cutting-edge - MCP is a 2024-2025 standard for AI tool use |
| Rack | ✅ Current (needs security patches) |
| mcp gem (ruby-sdk) | ⚠️ Pinned to main branch - unstable dependency |
MCP is highly strategic. The Model Context Protocol is the emerging standard for AI agent tool integration. This repo implements an MCP server in Ruby - relevant and forward-looking technology.
Vitality Score Calculation
| Factor | Weight | Score | Weighted |
| --- | --- | --- | --- |
| Commit frequency (12mo) | 25% | 25/100 | 6.25 |
| PR/Issue activity | 15% | 40/100 | 6.0 |
| Contributor diversity | 10% | 10/100 | 1.0 |
| Security posture | 20% | 20/100 | 4.0 |
| Tech currency | 15% | 85/100 | 12.75 |
| Recency of activity | 15% | 15/100 | 2.25 |
Vitality Score: 32/100 🟡
Recommendation: KEEP (with conditions)
Rationale for Keeping Despite Low Score
- Strategic dependency - core depends on this repo directly; archiving would break the main product
- MCP is cutting-edge - Model Context Protocol is the future of AI tool integration
- MIT Licensed - open-source, good practice for a library
- Good PR hygiene when it was active - suggests quality code
- Small, focused library (48KB) - not a maintenance burden
Why Not Higher Score
- 7+ months dormant
- 8 Rack vulnerabilities unpatched
- Single contributor (bus factor = 1)
- Depends on main branch of upstream MCP ruby-sdk (unstable)
Required Actions:
- Urgent: Update Rack to patch all 8 vulnerabilities - this transitively affects core
- Important: Pin mcp gem to a tagged release instead of main branch
- Recommended: Add a second maintainer to reduce bus factor
- Recommended: Set up CI/CD with automated security scanning
Generated by Repo Vitality Assessment - 2026-02-25