registry  /  @aborruso/italianparliament-mcp  /  0.16.0

@aborruso/italianparliament-mcp@0.16.0

CLI and MCP server for querying Italian Parliament SPARQL endpoints (Camera dei Deputati and Senato della Repubblica)

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime behavior is an MCP server/CLI that queries Italian Parliament data and, for one explicit CLI command, downloads and converts Senato bill PDFs.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs italianparliament-mcp, italianparliament commands, or explicit italianparliament bill-text fetch
Impact
Network access to public parliament data sources; optional user-requested local markdown/PDF output only
Mechanism
package-aligned SPARQL/HTML/PDF fetching and MCP tool registration
Rationale
Static source inspection shows suspicious primitives are tied to documented, user-invoked parliament data retrieval and PDF conversion features, not stealthy install/import behavior. No exfiltration, credential access, persistence, destructive action, or agent control-surface mutation was found.
Evidence
package.jsondist/index.jsdist/cli.jsdist/worker.jsREADME.md
Network endpoints5
dati.camera.it/sparqldati.senato.it/sparqldocumenti.camera.it/apps/emendamenti/www.senato.it/leggi-e-documenti/disegni-di-legge/scheda-ddlwww.senato.it/leg/

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/cli.js uses user-invoked execFile for agent-browser and lit in bill-text fetch
  • dist/cli.js can write downloaded PDF to a temp dir and markdown to --out during bill-text fetch
  • dist/cli.js and dist/index.js perform network requests for parliament data queries
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepublishOnly build
  • dist/index.js starts an MCP stdio server and registers parliament-query tools; no install-time execution
  • Network hosts are package-aligned Italian Parliament/open-data endpoints
  • No process.env, home directory, credential harvesting, persistence, or AI-agent config mutation found
  • dist/cli.js child_process and file writes are behind explicit CLI subcommand bill-text fetch
Behavioral surface
Source
ChildProcessEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 1.69 MB of source, external domains: aic.camera.it, dati.camera.it, dati.senato.it, documenti.camera.it, github.com, json-schema.org, lod.xdams.org, mathiasbynens.be, purl.org, raw.githubusercontent.com, www.camera.it, www.senato.it, www.w3.org, xmlns.com

Source & flagged code

4 flagged · loading source
dist/worker.jsView file
653patternName = generic_password severity = medium line = 653 matchedText = )`,enabl...,`\r
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/worker.jsView on unpkg · L653
4|| (${a} === "string" && ${o} && ${o} == +${o} && !(${o} % 1))`).assign(s,(0,Y._)`+${o}`);return;case"boolean":n.elseIf((0,Y._)`${o} === "false" || ${o} === 0 || ${o} === null`).as... L5: || ${a} === "boolean" || ${o} === null`).assign(s,(0,Y._)`[${o}]`)}}}function YI({gen:e,parentData:t,parentDataProperty:r},n){e.if((0,Y._)`${t} !== undefined`,()=>e.assign((0,Y._)`... L6: missingProperty: ${n},
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/worker.jsView on unpkg · L4
dist/index.jsView file
7733patternName = generic_password severity = medium line = 7733 matchedText = password...d]",
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L7733
dist/cli.jsView file
7497patternName = generic_password severity = medium line = 7497 matchedText = password...d]",
Medium
Secret Pattern

Hardcoded password in dist/cli.js

dist/cli.jsView on unpkg · L7497

Findings

5 Medium7 Low
MediumSecret Patterndist/worker.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/index.js
MediumSecret Patterndist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/worker.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings