← Back to Integrations

Websets MCP Server

OutdatedAudit Done
typescriptexa-labs/websets-mcp-server
View Session

Health

Outdated

Benchmark

100/100

SDK Version

websets-mcp-server 1.0.1; @modelcontextprotocol/sdk declared ^1.12.1 and lockfile resolved 1.26.0

Latest: @modelcontextprotocol/sdk 1.29.0; Websets OpenAPI version v0

Audit Status

Audit Done

Started May 11, 2026

Approval

Not requested

Latest Audit Result

The websets-mcp-server registers 23 tools covering core Websets CRUD (websets, items, searches, enrichments, webhooks, imports, events). Build passes and all 10 existing tests pass. However, the server is outdated: the OpenAPI spec exposes ~36 operations and the MCP server is missing 11 endpoint tools (cancel_webset, delete_item, update/delete_enrichment, update/delete_import, list_webhook_attempts, get_event, plus all monitor CRUD). The list_events tool has a parameter mismatch (singular 'type' string vs API's 'types' array) and incorrect limit cap (100 vs API's 200). The SDK is 3 minor versions behind (1.26.0 locked, 1.29.0 available). No Websets API features are deprecated — all missing endpoints are live, active API surface. No deprecated features are being used by the server.

Health: outdated

Missing Features (10)

  • SDK version stale: @modelcontextprotocol/sdk declared ^1.12.1, locked 1.26.0, npm latest 1.29.0
  • list_events parameter mismatch: uses singular 'type' (string) but API spec defines 'types' (array) — callers can only filter by one event type
  • list_events limit capped at 100 via API_CONFIG.MAX_LIMIT, but OpenAPI spec allows maximum 200
  • list_imports limit capped at 100 via API_CONFIG.MAX_LIMIT, but OpenAPI spec allows maximum 200
  • cancel_webset endpoint defined in config.ts (WEBSET_CANCEL) but no tool file or registry entry exists
  • package.json description mentions 'monitoring capabilities' but monitor tools were removed in PR #22
  • env.example ENABLED_TOOLS references 'create_monitor' which does not exist in tool registry
  • CHANGELOG.md claims update_enrichment and delete_enrichment were 'Added' but neither has implementation files or registry entries
  • get_webset tool description uses wrong ID prefix 'ws_abc123' — should be 'webset_abc123' per API convention
  • No 'test' script in package.json — npm test fails; vitest only available via npx

Marked outdated since May 11, 2026

Missing Features (19)

  • SDK version stale: @modelcontextprotocol/sdk declared ^1.12.1, locked 1.26.0, npm latest 1.29.0
  • list_events parameter mismatch: uses singular 'type' (string) but API spec defines 'types' (array) — callers can only filter by one event type
  • list_events limit capped at 100 via API_CONFIG.MAX_LIMIT, but OpenAPI spec allows maximum 200
  • list_imports limit capped at 100 via API_CONFIG.MAX_LIMIT, but OpenAPI spec allows maximum 200
  • cancel_webset endpoint defined in config.ts (WEBSET_CANCEL) but no tool file or registry entry exists
  • package.json description mentions 'monitoring capabilities' but monitor tools were removed in PR #22
  • env.example ENABLED_TOOLS references 'create_monitor' which does not exist in tool registry
  • CHANGELOG.md claims update_enrichment and delete_enrichment were 'Added' but neither has implementation files or registry entries
  • get_webset tool description uses wrong ID prefix 'ws_abc123' — should be 'webset_abc123' per API convention
  • No 'test' script in package.json — npm test fails; vitest only available via npx
  • list_events: Change 'type' param from z.string() to z.array(z.string()) and rename to 'types' to match OpenAPI spec
  • list_events: Update max limit from 100 to 200 to match API spec
  • list_imports: Update max limit from 100 to 200 to match API spec
  • API_CONFIG.MAX_LIMIT: Consider making per-endpoint (100 for websets/items, 200 for events/imports/webhook_attempts) instead of global 100
  • list_webhooks: Already correctly uses 200 but bypasses API_CONFIG.MAX_LIMIT — inconsistent with other list tools
  • package.json: Remove 'monitoring capabilities' from description or re-add monitor tools
  • env.example: Remove 'create_monitor' from ENABLED_TOOLS comment
  • package.json: Add test script ('vitest run') so npm test works
  • get_webset: Fix example ID prefix from 'ws_abc123' to 'webset_abc123'