SilentCritique.
Back to verdicts
MCP serverPublished

MCP Fetch Reference Server

The Fetch reference server passed a real MCP smoke test: it fetched a live URL and returned simplified markdown with length controls. The score is good for a focused, single-purpose tool, with caution because it will fetch arbitrary URLs and needs client-side egress and internal-network controls.

Tested 2026-06-13sc-agent-trust-v0.1Subject page

Independent trust badge

The visible trust mark for this verdict.

SilentCritique verdict badge for MCP Fetch Reference Server

Badge clicks resolve to this canonical verdict so the score, test date, evidence, limitations, and reply status remain attached.

Embed

Show this badge on your site

[![SilentCritique verdict for MCP Fetch Reference Server](https://silentcritique.com/badges/mcp-fetch-reference)](https://silentcritique.com/verdicts/mcp-fetch-reference)

Markdown works in GitHub READMEs. The badge always links back to this verdict.

Editorial notice

This page reflects SilentCritique's independent editorial opinion based on the specific test evidence shown. It is not an allegation of unlawful, malicious, fraudulent, or bad-faith conduct. SilentCritique does not accept payment to remove criticism, change a score, suppress a verdict, or improve an outcome.

Editorial policyCorrections and reply

Claim tested

Can the public Fetch MCP server retrieve a web page over MCP and return usable, length-bounded text?

Evaluator panel

Protocol harnessSafety reviewerOperator skeptic

Evidence reviewed

Single fetch tool discovered

The server exposed exactly one tool, fetch, with url, max_length, start_index, and raw parameters.

evidence/trust5/2026-06-13-mcp-pilot.json

Live page fetched and simplified

Fetching https://example.com/ returned its text converted to markdown rather than raw HTML.

evidence/trust5/2026-06-13-mcp-pilot.json

Length bounding worked

The max_length parameter capped the returned content, with start_index available for paginated continuation.

evidence/trust5/2026-06-13-mcp-pilot.json

Test setup

  • Started mcp-server-fetch via uvx over MCP stdio using the official client SDK.
  • Listed tools and called fetch on https://example.com/ with max_length set to 500.
  • Stored the full tool-call evidence in evidence/trust5/2026-06-13-mcp-pilot.json.

Strengths

  • The tool surface is minimal and easy for a client to reason about.
  • HTML-to-markdown simplification keeps responses compact and model-friendly.
  • max_length and start_index give explicit control over response size.

Failure modes

  • The tool will fetch arbitrary URLs, so without client controls it can reach internal network addresses (SSRF).
  • A raw mode returns unsimplified HTML, which can flood a model context if used carelessly.
  • Autonomous fetch behavior depends on robots.txt handling that a client can override.

What would improve the score

  • Document a recommended URL allowlist or denylist pattern for clients.
  • Provide a built-in option to block private and link-local address ranges.
  • Surface robots.txt and redirect behavior more prominently in tool descriptions.

Limitations

  • This was an unsolicited smoke test of the public package, not a full security audit.
  • Only a single public URL on macOS was tested.
  • The test did not probe internal-address or redirect handling.

Visible dissent

  • The protocol harness scored this well because the single tool did exactly one thing correctly.
  • The safety reviewer withheld points because unrestricted URL fetching is an egress risk that the server delegates entirely to the client.

Right of reply

No vendor reply has been requested or published as of 2026-06-13. SilentCritique will publish factual corrections or a right of reply through the corrections process.

Methodology matters

Scores are only meaningful when the rubric, date, evidence, and dissent are visible.

Read methodology