exa-web-search-free

The manifest itself is not an embedded malware payload, but it instructs the client to route user queries to a third-party MCP endpoint, creating a meaningful supply-chain and privacy risk. The lack of safeguards and the availability of sensitive advanced tools (people search, long-running research agents) increase the potential for data exposure. Treat this as a privacy/supply-chain risk: audit mcporter client behavior and the MCP operator before use and do not send sensitive secrets or proprietary data through this service.