registry  /  @augno/sdk-mcp  /  0.11.0

@augno/sdk-mcp@0.11.0

The official MCP Server for the Augno API

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 44 file(s), 324 KB of source, external domains: deno.land

Source & flagged code

3 flagged · loading source
instructions.jsView file
7exports.getInstructions = getInstructions; L8: const promises_1 = __importDefault(require("fs/promises")); L9: const logger_1 = require("./logger.js");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

instructions.jsView on unpkg · L7
package.jsonView file
scripts registry_only=start
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg
Remote tarball dependency specs: jq-web@https://github.com/stainless-api/jq-web/releases/download/v0.8.8/jq-web.tar.gz
Medium
Remote Tarball Dependency

Package manifest contains a dependency pinned to a remote tarball URL.

package.jsonView on unpkg

Findings

1 Critical4 Medium3 Low
CriticalManifest Confusionpackage.json
MediumDynamic Requireinstructions.js
MediumNetwork
MediumEnvironment Vars
MediumRemote Tarball Dependencypackage.json
LowScripts Present
LowFilesystem
LowUrl Strings