AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime behavior is an MCP server/CLI that queries Italian Parliament data and, for one explicit CLI command, downloads and converts Senato bill PDFs.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs italianparliament-mcp, italianparliament commands, or explicit italianparliament bill-text fetch
Impact
Network access to public parliament data sources; optional user-requested local markdown/PDF output only
Mechanism
package-aligned SPARQL/HTML/PDF fetching and MCP tool registration
Rationale
Static source inspection shows suspicious primitives are tied to documented, user-invoked parliament data retrieval and PDF conversion features, not stealthy install/import behavior. No exfiltration, credential access, persistence, destructive action, or agent control-surface mutation was found.
Evidence
package.jsondist/index.jsdist/cli.jsdist/worker.jsREADME.md
Network endpoints5
dati.camera.it/sparqldati.senato.it/sparqldocumenti.camera.it/apps/emendamenti/www.senato.it/leggi-e-documenti/disegni-di-legge/scheda-ddlwww.senato.it/leg/
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/cli.js uses user-invoked execFile for agent-browser and lit in bill-text fetch
- dist/cli.js can write downloaded PDF to a temp dir and markdown to --out during bill-text fetch
- dist/cli.js and dist/index.js perform network requests for parliament data queries
Evidence against
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly build
- dist/index.js starts an MCP stdio server and registers parliament-query tools; no install-time execution
- Network hosts are package-aligned Italian Parliament/open-data endpoints
- No process.env, home directory, credential harvesting, persistence, or AI-agent config mutation found
- dist/cli.js child_process and file writes are behind explicit CLI subcommand bill-text fetch
Behavioral surface
ChildProcessEvalFilesystemNetworkShell
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
4 flagged · loading sourcedist/worker.jsView file
653patternName = generic_password
severity = medium
line = 653
matchedText = )`,enabl...,`\r
Medium
4|| (${a} === "string" && ${o} && ${o} == +${o} && !(${o} % 1))`).assign(s,(0,Y._)`+${o}`);return;case"boolean":n.elseIf((0,Y._)`${o} === "false" || ${o} === 0 || ${o} === null`).as...
L5: || ${a} === "boolean" || ${o} === null`).assign(s,(0,Y._)`[${o}]`)}}}function YI({gen:e,parentData:t,parentDataProperty:r},n){e.if((0,Y._)`${t} !== undefined`,()=>e.assign((0,Y._)`...
L6: missingProperty: ${n},
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/worker.jsView on unpkg · L4dist/index.jsView file
7733patternName = generic_password
severity = medium
line = 7733
matchedText = password...d]",
Medium
dist/cli.jsView file
7497patternName = generic_password
severity = medium
line = 7497
matchedText = password...d]",
Medium
Findings
5 Medium7 Low
MediumSecret Patterndist/worker.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/index.js
MediumSecret Patterndist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/worker.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings