PyPI · pypi.org

couchbase-mcp-server

Remote Payload: matched "curl "

Why PkgRadar flagged 0.8.0

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · couchbase_mcp_server-0.8.0/.github/workflows/test.yml
medium	Remote Payload	matched "curl " · couchbase_mcp_server-0.8.0/.github/workflows/update-mcp-registry.yml
medium	Obfuscation Density	high encoded/escaped-token density · couchbase_mcp_server-0.8.0/website/package-lock.json

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.8.1rc2`	Low risk	0	2026-06-08
`0.8.1rc1`	Low risk	0	2026-06-08
`0.8.0`	Review	29	2026-05-27

Block this in CI

PkgRadar gates couchbase-mcp-server (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi couchbase-mcp-server==0.8.0