registry  /  @aborruso/italianparliament-mcp  /  0.14.1

@aborruso/italianparliament-mcp@0.14.1

CLI and MCP server for querying Italian Parliament SPARQL endpoints (Camera dei Deputati and Senato della Repubblica)

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime behavior queries Italian Parliament open-data endpoints through MCP/CLI tools; the only shell execution is an explicit user-invoked CLI workflow for Senato bill text conversion.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs italianparliament-mcp MCP server, Cloudflare Worker, or italianparliament CLI commands.
Impact
Package can make network requests to parliament-related endpoints and, for one CLI subcommand, write a requested markdown output file.
Mechanism
SPARQL/HTTP data retrieval and optional user-invoked PDF conversion
Rationale
Static inspection shows a legitimate MCP/CLI package for Italian Parliament data with package-aligned networking and no install-time execution or covert collection/exfiltration. Suspicious primitives are user-invoked and documented, not an unconsented attack chain.
Evidence
package.jsondist/index.jsdist/cli.jsdist/worker.jsREADME.md
Network endpoints6
dati.camera.it/sparqldati.senato.it/sparqlwww.camera.itwww.senato.itdocumenti.camera.it/apps/emendamenti/italianparliament-mcp.andy-pr.workers.dev/mcp

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/cli.js has explicit bill-text fetch using execFile for agent-browser and lit plus writeFile to user --out.
  • dist/worker.js exposes a Cloudflare Worker MCP HTTP endpoint with permissive CORS for /mcp.
Evidence against
  • package.json has no install/preinstall/postinstall hooks; only prepublishOnly build.
  • dist/index.js starts an MCP stdio server and registers parliament query tools only when invoked.
  • Network use is package-aligned SPARQL/Italian Parliament/document endpoints: dati.camera.it, dati.senato.it, camera.it, senato.it, documenti.camera.it.
  • No credential/env harvesting, persistence, destructive behavior, broad agent config mutation, or remote payload download/execute found.
  • dist/cli.js child_process usage is confined to explicit local CLI bill-text fetch command for browser/PDF conversion prerequisites.
Behavioral surface
Source
ChildProcessEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 1.67 MB of source, external domains: aic.camera.it, dati.camera.it, dati.senato.it, documenti.camera.it, github.com, json-schema.org, lod.xdams.org, mathiasbynens.be, purl.org, raw.githubusercontent.com, www.camera.it, www.senato.it, www.w3.org, xmlns.com

Source & flagged code

4 flagged · loading source
dist/worker.jsView file
622patternName = generic_password severity = medium line = 622 matchedText = )`,enabl...,`\r
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/worker.jsView on unpkg · L622
4|| (${a} === "string" && ${o} && ${o} == +${o} && !(${o} % 1))`).assign(s,(0,V._)`+${o}`);return;case"boolean":n.elseIf((0,V._)`${o} === "false" || ${o} === 0 || ${o} === null`).as... L5: || ${a} === "boolean" || ${o} === null`).assign(s,(0,V._)`[${o}]`)}}}function GI({gen:e,parentData:t,parentDataProperty:r},n){e.if((0,V._)`${t} !== undefined`,()=>e.assign((0,V._)`... L6: missingProperty: ${n},
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/worker.jsView on unpkg · L4
dist/index.jsView file
7596patternName = generic_password severity = medium line = 7596 matchedText = password...d]",
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L7596
dist/cli.jsView file
7442patternName = generic_password severity = medium line = 7442 matchedText = password...d]",
Medium
Secret Pattern

Hardcoded password in dist/cli.js

dist/cli.jsView on unpkg · L7442

Findings

5 Medium7 Low
MediumSecret Patterndist/worker.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/index.js
MediumSecret Patterndist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/worker.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings