@agimon-ai/mcp-proxy@0.21.1

MCP proxy server package

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: EnvironmentVars, Network
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: CopyleftLicense
scanned 6 file(s), 275 KB of source, external domains: example.com

Source & flagged code

3 flagged
dist/cli.mjs
L1: #!/usr/bin/env node
L2: import{C as e,D as t,T as n,b as r,d as i,f as a,m as o,n as s,o as c,p as l,r as u,t as d,u as f,v as p,w as m}from"./src-Zg4U9-G-.mjs";import{constants as h,existsSync as g,readF...
L3: Found tools: ...
L45: # - Only HTTPS URLs are allowed (set security.enforceHttps: false to allow HTTP)
L46: # - Private IPs and localhost are blocked (set security.allowPrivateIPs: true for internal networks)
L47: # - Blocked ranges: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli.mjs · L1
dist/src-BI8DAOwP.cjs
L1: var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{i...
L2: ---`,3);if(n===-1)return{frontMatter:null,content:e};let r=t.slice(4,n).trim();if(!r)return{frontMatter:null,content:e};let i={},a=r.split(`
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src-BI8DAOwP.cjs · L1
L1: var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{i...
L2: ---`,3);if(n===-1)return{frontMatter:null,content:e};let r=t.slice(4,n).trim();if(!r)return{frontMatter:null,content:e};let i={},a=r.split(` ...
L4: `).trimEnd():c===`folded`?i[o]=s.join(` `).trim():i[o]=s.join(``).trim()),o=null,s=[],c=null,l=0};for(let e=0;e<a.length;e++){let t=a[e],n=t.trim(),r=t.indexOf(`:`);if(r!==-1&&!t.s...
L5: `)||``);return n?{promptName:t.name,skill:n.skill,autoDetected:!0}:null}catch(n){return this.logger.warn(`${D} Failed to fetch prompt '${t.name}' from ${e.serverName}: ${j(n)}`),nu...
L6: <instruction>
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/src-BI8DAOwP.cjs · L1

Findings

2 High, 2 Medium, 5 Low
High: Same File Env Network Execution (dist/src-BI8DAOwP.cjs)
High: Command Output Exfiltration (dist/src-BI8DAOwP.cjs)
Medium: Network
Medium: Environment Vars
Low: Scripts Present
Low: Weak Crypto (dist/cli.mjs)
Low: High Entropy Strings
Low: Url Strings
Low: Copyleft License