MCP Security Index

Is Postman safe to install?

Postman · Dev tools · Streamable HTTP

Access Postman workspaces, collections, and environments to automate API workflows.

unrated exposureSource
unrated
Grade
Blast radius
Tools
Capabilities

Scan

AxioRank has not graded Postman yet

AxioRank could not enumerate Postman's surface (live handshake failed (HTTP 401 Unauthorized from https://mcp.postman.com/minimal); no usable well-known card (HTTP 404 fetching https://mcp.postman.com/.well-known/mcp.json)). Many remote servers gate even a read-only handshake behind OAuth. This listing stays factual and updates when a scan succeeds.

View the source

Install

Add Postman to your client

Drop this into your MCP client config (Claude Desktop, Cursor, and others).

mcp.json
{
  "mcpServers": {
    "postman": {
      "url": "https://mcp.postman.com/minimal"
    }
  }
}

Embed

Show the grade in your README

Links back to this page and updates when the grade changes.AxioRank grade for Postman
[![AxioRank MCP Security Index grade for Postman](https://axiorank.com/api/badge/mcp/postman.svg)](https://axiorank.com/mcp-index/postman)

How it works

About this grade

The grade reflects the blast radius of what Postman declares it can do, read-only, not whether it is secure or trustworthy, and not a judgment of the vendor. Maintain this server? Claim this listing or request a re-scan. See the methodology.

Email me this scorecard

Get the Postman grade in your inbox.

Let your agents use Postman safely

Route this server through AxioRank to allowlist its tools, hold risky calls for approval, and keep a signed audit trail of every action.

Start free