THRONE
See report Verify server

registry / record

github.com/grafana/mcp-grafana

github / sealed 2026-06-12 / No. 3be1f679

re-scan this server gate it in your CI
> throne registry github.com/grafana/mcp-grafana sealed
This target couldn't be started as an MCP serverno package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects
receiptsealed evidence
scan id
3be1f679bb374f42b123be4c250e871f
target
https://github.com/grafana/mcp-grafana
sealed at
2026-06-12 06:57:39Z
evidence hash
sha256:2e4c7b8359ce57786e220593b4a8704fd0e0fc521df61d4dd3424e71dbfba007
01connectFAIL0ms

server never launched: no package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects

02discoverSKIPPED0ms

not run — server never launched

03validate_schemasSKIPPED0ms

not run — server never launched

04smoke_test_toolsSKIPPED0ms

not run — server never launched

05error_handlingSKIPPED0ms

not run — server never launched

06streamingSKIPPED0ms

not run — server never launched

07resource_lifecycleSKIPPED0ms

not run — server never launched

08concurrent_callsSKIPPED0ms

not run — server never launched

09reconnectSKIPPED0ms

not run — server never launched

01connectFAIL0ms

server never launched: no package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects

02discoverSKIPPED0ms

not run — server never launched

03validate_schemasSKIPPED0ms

not run — server never launched

04smoke_test_toolsSKIPPED0ms

not run — server never launched

05error_handlingSKIPPED0ms

not run — server never launched

06streamingSKIPPED0ms

not run — server never launched

07resource_lifecycleSKIPPED0ms

not run — server never launched

08concurrent_callsSKIPPED0ms

not run — server never launched

09reconnectSKIPPED0ms

not run — server never launched

chatgpt desktopemulation profile pending real-traffic captureCOMING SOON
SECURITY: REVIEW / 8 finding(s), 2 high / review material, not a verdict
MEDIUMTHR-SECRET-02 / Hardcoded secrets or tokens in source

APIKey assigned a literal value shou… (18 chars) — verify it is not a live credential

mcp-grafana-HEAD/k8s_client_test.go:407
MEDIUMTHR-SECRET-02 / Hardcoded secrets or tokens in source

APIKey assigned a literal value glsa… (25 chars) — verify it is not a live credential

mcp-grafana-HEAD/mcpgrafana_test.go:1125
MEDIUMTHR-SECRET-02 / Hardcoded secrets or tokens in source

APIKey assigned a literal value glsa… (25 chars) — verify it is not a live credential

mcp-grafana-HEAD/mcpgrafana_test.go:1187
MEDIUMTHR-EXEC-04 / Arbitrary command execution from tool arguments

spawn() called with a dynamically built command (heuristic — review): '\'powershell\', [\'-Command\', `Expand-Archive -Path "${archivePath}" -DestinationPa'

mcp-grafana-HEAD/.claude-plugin/install-binary.mjs:125
HIGHTHR-EXEC-04 / Arbitrary command execution from tool arguments

spawn() called with a dynamically built command (heuristic — review): "BINARY_PATH, process.argv.slice(2), { stdio: 'inherit' });"

mcp-grafana-HEAD/.claude-plugin/install-binary.mjs:149
HIGHTHR-EXEC-04 / Arbitrary command execution from tool arguments

spawn() called with a dynamically built command (heuristic — review): "BINARY_PATH, process.argv.slice(2), { stdio: 'inherit' });"

mcp-grafana-HEAD/.claude-plugin/install-binary.mjs:214
LOWTHR-NET-05 / Hardcoded outbound endpoints

4 non-local endpoint host(s) referenced in code — verify each is expected for this server's purpose: docs.victoriametrics.com (mcp-grafana-HEAD/tools/loki_backend_victorialogs.go:29), grafana.com (mcp-grafana-HEAD/mcpgrafana.go:79), opentelemetry.io (mcp-grafana-HEAD/observability/semconv.go:8), user (mcp-grafana-HEAD/validate_url.go:46)

mcp-grafana-HEAD/mcpgrafana.go:79
LOWTHR-VER-11 / Outdated MCP SDK or protocol version pin

obsolete protocol version string '2024-11-05' in source

mcp-grafana-HEAD/observability/observability_test.go:364
VERDICT: INCONCLUSIVESANDBOXED RUN — submitted server executed in a disposable microVM — compatibility not assessable: server never launched: no package.json or pyproject.toml at the repository root — Throne can launch Node (npm/pnpm/yarn) and Python (uv) projects / security: review — 8 finding(s), 2 highsealed by THRONE / No. 3be1f679 / 2026-06-12
executed in a disposable microVM, created for this scan and destroyed after it. nothing outlives a run.

maintainer of this server? challenge this record: hello@usethrone.dev. tell us what we got wrong and we re-run it in the open.

this page renders the stored record of a real run. nothing on it is asserted without the execution that proved it.