Add MseeP.ai badge #340

Open
mseep-ai wants to merge 1 commit into off-grid-ai:main from mseep-ai:add-mseep-badge
mseep-ai commented May 7, 2026

Hi there,

This pull request shares a security update on off-grid-mobile-ai.

We also have an entry for off-grid-mobile-ai in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of off-grid-mobile-ai.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/alichherawalla-off-grid-mobile-ai.

Thanks,

The MseeP Team
MCP servers you can trust


MseeP.ai Security Assessment Badge

Here are our latest evaluation results of off-grid-mobile-ai

Security Scan Results

Security Score: 78/100

Risk Level: moderate

Scan Date: 2026-05-07

Score starts at 100, deducts points for security issues, and adds points for security best practices

Detected Vulnerabilities

High Severity

  • fast-xml-parser

    • fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
      Severity: critical; CVSS: 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N); CWE: CWE-185; range: >=4.1.3 <4.5.4; source: 1113567
      https://github.com/advisories/GHSA-m7jm-9gc2-mpf2
    • fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
      Severity: high; CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); CWE: CWE-776; range: >=4.1.3 <4.5.4; source: 1113570
      https://github.com/advisories/GHSA-jmr7-xgp7-cmfj
    • fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
      Severity: low; CVSS: 0 (vectorString: None); CWE: CWE-120; range: >=4.0.0-beta.0 <4.5.4; source: 1114149
      https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
    • fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)
      Severity: high; CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); CWE: CWE-776; range: >=4.0.0-beta.3 <4.5.5; source: 1115338
      https://github.com/advisories/GHSA-8gc5-j5rx-235r
    • Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
      Severity: moderate; CVSS: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H); CWE: CWE-1284; range: >=4.0.0-beta.3 <4.5.5; source: 1116308
      https://github.com/advisories/GHSA-jp2q-39xq-3w4g
    • fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
      Severity: moderate; CVSS: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CWE: CWE-91; range: <5.7.0; source: 1116957
      https://github.com/advisories/GHSA-gh4j-gqv2-49f6
    • Fixed in version: unknown
  • xmldom

    • xmldom allows multiple root nodes in a DOM
      Severity: critical; CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CWE: CWE-20, CWE-1288; range: <=0.6.0; source: 1091573
      https://github.com/advisories/GHSA-crh6-fp67-6883
    • Misinterpretation of malicious XML input
      Severity: moderate; CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N); CWE: CWE-116; range: <=0.6.0; source: 1096547
      https://github.com/advisories/GHSA-5fg8-2547-mr8q
    • xmldom: Uncontrolled recursion in XML serialization leads to DoS
      Severity: high; CVSS: 0 (vectorString: None); CWE: CWE-674; range: <=0.6.0; source: 1116958
      https://github.com/advisories/GHSA-2v35-w6hq-6mfw
    • xmldom has XML injection through unvalidated DocumentType serialization
      Severity: high; CVSS: 0 (vectorString: None); CWE: CWE-91; range: <=0.6.0; source: 1116961
      https://github.com/advisories/GHSA-f6ww-3ggp-fr8h
    • xmldom has XML node injection through unvalidated processing instruction serialization
      Severity: high; CVSS: 0 (vectorString: None); CWE: CWE-91; range: <=0.6.0; source: 1116964
      https://github.com/advisories/GHSA-x6wf-f3px-wcqx
    • xmldom has XML node injection through unvalidated comment serialization
      Severity: high; CVSS: 0 (vectorString: None); CWE: CWE-91; range: <=0.6.0; source: 1116967
      https://github.com/advisories/GHSA-j759-j44w-7fr8
    • xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
      Severity: high; CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N); CWE: CWE-91; range: <=0.6.0; source: 1117098
      https://github.com/advisories/GHSA-wh4c-j3r5-mjhp
    • Fixed in version: unknown

Medium Severity

  • @expo/config-plugins

    • ['@expo/plist', 'xml2js']
    • Fixed in version: unknown
  • @expo/plist

    • ['xmldom']
    • Fixed in version: unknown
  • @react-native-voice/voice

    • ['@expo/config-plugins']
    • Fixed in version: unknown
  • ... and 12 more medium severity vulnerabilities

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.

greptile-apps Bot left a comment

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

sonarqubecloud Bot commented May 7, 2026

gemini-code-assist Bot left a comment

Code Review

This pull request adds a security assessment badge to the README.md. Feedback suggests addressing critical vulnerabilities in dependencies identified by the security report and improving the visual consistency of the badge placement by moving it into the centered header block.

Comment thread README.md
@@ -1,3 +1,5 @@
[![MseeP.ai Security Assessment Badge](https://mseep.net/pr/alichherawalla-off-grid-mobile-ai-badge.png)](https://mseep.ai/app/alichherawalla-off-grid-mobile-ai)
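
Review bot: The badge line added at the top of README.md takes its image from mseep.net (https://mseep.net/pr/alichherawalla-off-grid-mobile-ai-badge.png) while the link target is on mseep.ai, so the README would display an image whose content is controlled outside this repository and can change after merge. Before accepting, confirm that both domains belong to the same service and decide whether an externally controlled score image belongs in the README; also note that the listing slug in both URLs is alichherawalla-off-grid-mobile-ai, so check that the listing is one the maintainers actually own.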

security-high high

The security report linked by this badge identifies critical vulnerabilities in fast-xml-parser and xmldom. While adding the badge improves transparency, it is highly recommended to prioritize updating these dependencies to address the underlying security risks, especially since the PR is described as a 'security update'.

Comment thread README.md
@@ -1,3 +1,5 @@
[![MseeP.ai Security Assessment Badge](https://mseep.net/pr/alichherawalla-off-grid-mobile-ai-badge.png)](https://mseep.ai/app/alichherawalla-off-grid-mobile-ai)

medium

The security badge is placed at the very top of the file, outside of the centered header block. This results in a left-aligned badge appearing above the centered logo and title, which is visually inconsistent with the rest of the document's style. Consider moving this badge into the <div align="center"> block or grouping it with the other status badges (lines 13-19) to maintain a cohesive layout.
