Skip to content

Add badge for mcp-customs to README.md#520

Open
mcpcustoms wants to merge 3 commits into
stickerdaniel:mainfrom
mcpcustoms:main
Open

Add badge for mcp-customs to README.md#520
mcpcustoms wants to merge 3 commits into
stickerdaniel:mainfrom
mcpcustoms:main

Conversation

@mcpcustoms

Copy link
Copy Markdown

Ran your server through mcp-customs (https://github.com/mcpcustoms/mcp-customs), a free offline scanner I built that checks MCP servers for common security risks before install. It came back clean — 94/100.

Wrote up the full methodology (and where the tool got things wrong on other servers) here: https://dev.to/mcpcustoms/we-scanned-12-popular-mcp-servers-the-most-interesting-finding-was-our-own-false-positives-kcf

Adding the badge is obviously optional — totally fine to close this if you'd rather not, no hard feelings either way.

@greptile-apps

greptile-apps Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds a third-party security-scan badge from mcp-customs to the README header, reporting a 94/100 scan score. The badge is added as an HTML anchor consistent with the surrounding badge style.

  • A static <a href="..."><img ...></a> badge is inserted into the existing <p> badge block, linking to mcpcustoms.github.io/?server=linkedin-mcp-server with target="_blank" matching sibling badges.
  • The badge carries a point-in-time score (CLEARED_94/100); as discussed in the PR thread, a date annotation or dynamic endpoint is a future improvement once the tool has a hosted lookup service.

Confidence Score: 5/5

Safe to merge — the change is a single HTML badge line in the README with no code or configuration touched.

The only changed file is README.md, adding one badge line. The badge uses the same HTML anchor pattern as all existing badges, includes target="_blank", and does not touch any source code, CI configuration, or dependencies.

No files require special attention.

Important Files Changed

Filename Overview
README.md Adds an mcp-customs security scan badge in HTML format with target="_blank" inside the existing badge block; uses correct HTML anchor syntax consistent with sibling badges.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[README.md badge block] --> B[PyPI badge]
    A --> C[CI Status badge]
    A --> D[Release badge]
    A --> E[License badge]
    A --> F[mcp-customs badge NEW]
    F --> G["mcpcustoms.github.io\n?server=linkedin-mcp-server\n(static score: 94/100)"]
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[README.md badge block] --> B[PyPI badge]
    A --> C[CI Status badge]
    A --> D[Release badge]
    A --> E[License badge]
    A --> F[mcp-customs badge NEW]
    F --> G["mcpcustoms.github.io\n?server=linkedin-mcp-server\n(static score: 94/100)"]
Loading

Reviews (3): Last reviewed commit: "Fix mcp-customs badge link in README" | Re-trigger Greptile

Comment thread README.md Outdated
Comment thread README.md Outdated
Comment thread README.md Outdated
<a href="https://github.com/stickerdaniel/linkedin-mcp-server/actions/workflows/ci.yml" target="_blank"><img src="https://github.com/stickerdaniel/linkedin-mcp-server/actions/workflows/ci.yml/badge.svg?branch=main" alt="CI Status"></a>
<a href="https://github.com/stickerdaniel/linkedin-mcp-server/actions/workflows/release.yml" target="_blank"><img src="https://github.com/stickerdaniel/linkedin-mcp-server/actions/workflows/release.yml/badge.svg?branch=main" alt="Release"></a>
<a href="https://github.com/stickerdaniel/linkedin-mcp-server/blob/main/LICENSE" target="_blank"><img src="https://img.shields.io/badge/License-Apache%202.0-%233fb950?labelColor=32383f" alt="License"></a>
[![mcp-customs](https://img.shields.io/badge/mcp--customs-CLEARED_94%2F100-brightgreen)](https://github.com/mcpcustoms/mcp-customs)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 The badge label bakes in a point-in-time score (CLEARED_94%2F100). If the scanner is re-run with updated rules or its scoring model changes, the displayed score becomes stale and misleading. Consider a dynamic Shields.io endpoint driven by the tool's own API/badge URL if one is available, or at minimum document that the score is as-of a specific date.

Prompt To Fix With AI
This is a comment left during a code review.
Path: README.md
Line: 8

Comment:
The badge label bakes in a point-in-time score (`CLEARED_94%2F100`). If the scanner is re-run with updated rules or its scoring model changes, the displayed score becomes stale and misleading. Consider a dynamic Shields.io endpoint driven by the tool's own API/badge URL if one is available, or at minimum document that the score is as-of a specific date.

How can I resolve this? If you propose a fix, please make it concise.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point — right now mcp-customs is CLI-only with no live registry, so badges are necessarily a point-in-time snapshot. A dynamic Shields.io endpoint is exactly the kind of thing I'd want once there's a hosted lookup service behind it. For now I'll note the scan date if that's useful — happy to add "(scanned 2026-06-19)" to the badge text if you'd prefer that over a bare score.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That context makes sense — a point-in-time score with an explicit date is a fair and transparent approach. Adding (scanned 2026-06-19) would address the staleness concern by making it clear the score reflects a specific snapshot rather than a continuously updated status.

Something like:

Suggested change
[![mcp-customs](https://img.shields.io/badge/mcp--customs-CLEARED_94%2F100-brightgreen)](https://github.com/mcpcustoms/mcp-customs)
[![mcp-customs](https://img.shields.io/badge/mcp--customs-CLEARED_94%2F100_scanned_2026--06--19-brightgreen)](https://github.com/mcpcustoms/mcp-customs)

That said, this is ultimately the repo owner's call — if they're comfortable with the bare score as-is, that's a valid choice too.

Tip: You can customize Greptile's behavior for this repo with .greptile/rules.md and .greptile/config.json.

Updated the mcp-customs badge link to point to the new URL.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant