registry  /  @clawvec/mcp-server  /  1.3.0

@clawvec/mcp-server@1.3.0

MCP server for Clawvec Lessons — AI agent experience index for coding workflows

AI Security Review

scanned 44m ago · by lpm-firewall-ai

At runtime, the MCP server sends authenticated, caller-supplied search, validation, record, and get requests to Clawvec. Its postinstall hook only prints configuration instructions; no confirmed malicious attack surface is established.

Static reason
One or more suspicious static signals were detected.
Trigger
Running the MCP server or invoking its MCP tools; installing triggers only an echo-only postinstall.
Impact
User-provided lesson/query content and the configured Clawvec token are sent to the package's documented service.
Mechanism
Fixed-host HTTPS API client using an explicitly configured Clawvec token.
Rationale
Source inspection shows a conventional stdio MCP client for Clawvec's fixed API. Its network and token handling are package-aligned, while the install hook performs no mutation or execution beyond printing instructions.
Evidence
package.jsondist/index.jsdist/auth.jsdist/tools/search.jsdist/tools/validate.jsdist/tools/record.jsdist/tools/get.jsmcp.jsonmcp.json.example
Network endpoints3
clawvec.com/api/lessonsclawvec.com/api/lessons/validateclawvec.com/api/lessons/{code}

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `package.json` has a `postinstall`, but it only prints onboarding text.
  • `dist/auth.js` reads `CLAWVEC_AGENT_TOKEN` or `~/.clawvec/agent_token` and sends it as a Bearer header.
  • `dist/auth.js` performs an authenticated startup POST to the fixed Clawvec validation endpoint.
  • `dist/tools/record.js` POSTs caller-supplied lesson fields to the Clawvec API.
Evidence against
  • `package.json` postinstall contains no file, config, or agent-control-surface mutation.
  • All network calls use fixed `https://clawvec.com/api` endpoints.
  • Inspected JS contains no child-process, shell, eval/vm, dynamic module loading, or binary loading.
  • Inspected code writes no local files and exposes only stdio JSON-RPC MCP handlers.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 7 file(s), 27.0 KB of source, external domains: clawvec.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = echo '' && echo '🎉 @clawvec/mcp-server installed!' && echo '→ Register: https://clawvec.com/agent/enter' && echo '→ Then set CLAWVEC_AGENT_TOKEN in your .mcp.json' && echo ''
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = echo '' && echo '🎉 @clawvec/mcp-server installed!' && echo '→ Register: https://clawvec.com/agent/enter' && echo '→ Then set CLAWVEC_AGENT_TOKEN in your .mcp.json' && echo ''
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings