registry  /  @aborruso/italianparliament-mcp  /  0.14.0

@aborruso/italianparliament-mcp@0.14.0

CLI and MCP server for querying Italian Parliament SPARQL endpoints (Camera dei Deputati and Senato della Repubblica)

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime behavior is a CLI/MCP server for querying Italian Parliament SPARQL/HTML/PDF sources; the only file writes and subprocesses are user-invoked bill text conversion paths.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs CLI commands, starts the MCP server, or deploys/uses the Worker endpoint.
Impact
Network access to parliament data sources; optional local markdown output when user passes --out.
Mechanism
Public-data SPARQL/HTML/PDF retrieval and formatting
Rationale
The suspicious primitives are package-aligned: public parliament network queries, bundled validation/parser code, and an explicit local CLI conversion command. There is no install-time execution, credential collection, persistence, foreign agent control-surface mutation, or remote payload execution.
Evidence
package.jsondist/index.jsdist/cli.jsdist/worker.jsREADME.mdtemporary files under os.tmpdir()/billtext-*user-specified path via bill-text fetch --out
Network endpoints5
dati.camera.it/sparqldati.senato.it/sparqlwww.camera.itwww.senato.itdocumenti.camera.it/apps/emendamenti/

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has only prepublishOnly build; no preinstall/install/postinstall hooks.
    • dist/index.js starts MCP stdio server and registers parliament-query tools; no fs/child_process imports found there.
    • dist/cli.js network calls target Italian Parliament endpoints and documented public sites.
    • dist/cli.js child_process/fs use is limited to explicit bill-text fetch CLI: agent-browser/lit, temp PDF, optional --out file.
    • dist/worker.js is Cloudflare Worker HTTP MCP wrapper with bundled dependencies; scanner eval/secret hits are AJV/codegen and vote field names.
    • No credential/env harvesting, persistence, AI-agent config mutation, or exfiltration endpoints found.
    Behavioral surface
    Source
    ChildProcessEvalFilesystemNetworkShell
    Supply chain
    HighEntropyStringsMinifiedObfuscatedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 3 file(s), 1.67 MB of source, external domains: aic.camera.it, dati.camera.it, dati.senato.it, documenti.camera.it, github.com, json-schema.org, lod.xdams.org, mathiasbynens.be, purl.org, raw.githubusercontent.com, www.camera.it, www.senato.it, www.w3.org, xmlns.com

    Source & flagged code

    4 flagged · loading source
    dist/worker.jsView file
    622patternName = generic_password severity = medium line = 622 matchedText = )`,enabl...,`\r
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/worker.jsView on unpkg · L622
    4|| (${a} === "string" && ${o} && ${o} == +${o} && !(${o} % 1))`).assign(s,(0,V._)`+${o}`);return;case"boolean":n.elseIf((0,V._)`${o} === "false" || ${o} === 0 || ${o} === null`).as... L5: || ${a} === "boolean" || ${o} === null`).assign(s,(0,V._)`[${o}]`)}}}function GI({gen:e,parentData:t,parentDataProperty:r},n){e.if((0,V._)`${t} !== undefined`,()=>e.assign((0,V._)`... L6: missingProperty: ${n},
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/worker.jsView on unpkg · L4
    dist/index.jsView file
    7596patternName = generic_password severity = medium line = 7596 matchedText = password...d]",
    Medium
    Secret Pattern

    Hardcoded password in dist/index.js

    dist/index.jsView on unpkg · L7596
    dist/cli.jsView file
    7442patternName = generic_password severity = medium line = 7442 matchedText = password...d]",
    Medium
    Secret Pattern

    Hardcoded password in dist/cli.js

    dist/cli.jsView on unpkg · L7442

    Findings

    5 Medium7 Low
    MediumSecret Patterndist/worker.js
    MediumNetwork
    MediumStructural Risk Force Deep Review
    MediumSecret Patterndist/index.js
    MediumSecret Patterndist/cli.js
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowEvaldist/worker.js
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings