sequential-thinking

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README explicitly instructs running remote code at runtime via "npx -y @modelcontextprotocol/server-sequential-thinking" (and/or "docker run ... mcp/sequentialthinking"), which fetches and executes external server code that provides the mcp__reasoning__sequentialthinking tool and therefore can directly control agent prompts/execution (see https://github.com/modelcontextprotocol/servers/tree/main/src/sequentialthinking).