Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
A connected MCP client invokes `read-image` with a path or URL and optionally enables `includeBase64`.
Impact
An authorized or compromised MCP client could obtain readable local-file contents or use the host as an HTTP fetch proxy.
Mechanism
Unrestricted local file read and redirected HTTP(S) fetch exposed as an MCP tool.
Rationale
The package is not malicious by source evidence, but it exposes an unrestricted file-read and URL-fetch capability to MCP clients. Treat it as a warning-worthy dangerous capability rather than a publish-blocking supply-chain attack.
Evidence
package.jsondist/stdio-DYG6Txdz.mjsdist/commands-wupIxPvN.mjsREADME.mddist/cli.cjs