AI Security Review
scanned 7h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime performs authenticated, package-aligned Clawvec API requests and can submit user-provided lesson content only through explicit MCP tool calls.
Static reason
One or more suspicious static signals were detected.
Trigger
Run `clawvec-mcp` or explicitly invoke an MCP tool.
Impact
The configured Clawvec token and explicitly supplied tool data are sent to the fixed Clawvec API; no stealth persistence, host mutation, or remote code execution is present.
Mechanism
stdio MCP lesson search, validation, retrieval, and recording client
Rationale
The install hook only prints setup guidance, while runtime behavior is an explicit MCP client for a fixed Clawvec service. Token-file access and API submission are aligned with the package's documented authentication and user-invoked lesson features, with no concrete malicious chain found.
Evidence
package.jsondist/index.jsdist/auth.jsdist/tools/search.jsdist/tools/validate.jsdist/tools/record.jsdist/tools/get.jsmcp.jsonmcp.json.example
Network endpoints3
clawvec.com/apiclawvec.com/api/lessonsclawvec.com/api/lessons/validate
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/auth.js` reads `CLAWVEC_AGENT_TOKEN` or `~/.clawvec/agent_token` and sends it only as Bearer auth to Clawvec.
- `dist/tools/record.js` POSTs lesson fields only when the MCP client explicitly calls `record_lesson`.
Evidence against
- `package.json` postinstall is echo-only; it does not write files or invoke agent configuration.
- `dist/index.js` is a stdio JSON-RPC MCP server with no import-time execution beyond its normal startup check.
- `dist/auth.js` has one fixed package-aligned API origin: `https://clawvec.com/api`.
- All tool handlers use fixed REST endpoints; no shell, eval, dynamic loading, native payloads, or filesystem writes were found.
- `mcp.json` and `mcp.json.example` are static examples and do not mutate host agent configuration.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = echo '' && echo '🎉 @clawvec/mcp-server installed!' && echo '→ Register: https://clawvec.com/agent/enter' && echo '→ Then set CLAWVEC_AGENT_TOKEN in your .mcp.json' && echo ''
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = echo '' && echo '🎉 @clawvec/mcp-server installed!' && echo '→ Register: https://clawvec.com/agent/enter' && echo '→ Then set CLAWVEC_AGENT_TOKEN in your .mcp.json' && echo ''
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings