ToolTrust
C37/100
Smithery

sincetomorrow-cultural-intelligence

mcpsmithery

@Smithery

The cultural GPS for AI commerce. 504,472 aesthetic worlds mapped across 193 dimensions — from dark academia to k-beauty to quiet luxury. 3,154 autonomous agents update intelligence every 48 hours. 9 tools: product recommendations with affiliate links, brand cultural position, trend intelligence, commerce gap predictions, world comparisons, and live cultural signals. Free. Open source. MIT licensed. 14 AI companies already consume our data at 33,000+ requests/hour. Open Source Commerce For All.

By Smithery | 60 findings | Scanned 5/21/2026 | tooltrust-scanner/v0.3.12

4 High10 Medium13 Low33 Info

Risk Summary

Needs Approval

Dep Visibility plus Excessive Permissions raises enough risk that this tool should not be auto-trusted.

Potential impact: This finding indicates the tool should be reviewed before it is trusted.

Recommended action: Keep this tool behind manual approval and avoid unattended runs until the risky capabilities are narrowed or removed.

Suggested policy: keep this tool behind manual approval, do not allow unattended runs, and re-scan after narrowing risky permissions.

Security Findings (60)

  • HighAS-002

    ⚠️Excessive Permissions ×4

    tool declares network permission

    shop_worldcompound_querydcr_query

    tool declares exec permission

    cultural_profile

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • MediumAS-002

    ⚠️Excessive Permissions ×10

    tool declares fs permission

    cultural_profiledecodeexpandbrand_positioncompound_query

    tool declares db permission

    decoderecommendemergingcompound_querydcr_query

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • LowAS-011

    ℹ️Missing Rate-Limit / Timeout ×7

    tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

    shop_worldcultural_profileneighborspositionaudience_segmentcompound_querydcr_query

    Fix: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

  • LowAS-002

    ⚠️Excessive Permissions ×6

    tool declares http permission

    cultural_profileneighborspositionaudience_segmentcompound_query

    input schema exposes 11 properties (threshold: 10)

    compound_query

    Fix: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

  • InfoAS-014

    ℹ️Dependency Inventory Unavailable ×33

    Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

    shop_worldresolve_vibeasklookup_creatorget_product_linkget_forecastdetect_anomaliescultural_profileresolvedecodeneighborspulseexpandpositionsignalgapbridgetrajectorycomparerecommendvelocitybrand_positionconstructsimulateemergingcreator_matchcreator_deployaudience_segmentad_creative_briefmedia_pyramidcompound_querydcr_queryget_trend_momentum

    Fix: Review and remediate the identified issue.

Scan this tool yourself

Reproduce this audit locally, integrate into CI, or let your agent audit its own tools.

Install once, then scan any MCP server:

$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
$ tooltrust-scanner scan --server "npx -y sincetomorrow-cultural-intelligence"

Adjust the package name if your npm registry name differs from the tool ID. View source

Add badge to your README

Copy this Markdown to show your ToolTrust grade on GitHub.

[![ToolTrust Grade C](https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-directory/main/docs/badges/grade-c.svg)](https://github.com/AgentSafe-AI/tooltrust-directory)