AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime is an MCP stdio server that reads its own token and calls the package-aligned Clawvec API when started or when its tools are invoked.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit MCP server startup and MCP tool calls; authenticated startup performs a token-validation request.
Impact
A configured Clawvec token and user/agent-provided lesson or search content are sent to Clawvec; no unconsented local mutation or foreign agent-control write is present.
Mechanism
Token-authenticated HTTPS requests to Clawvec lesson endpoints.
Rationale
Source inspection shows a package-aligned MCP client with explicit runtime network operations and an inert postinstall message. It does not execute install-time payloads, modify agent configuration, persist, exfiltrate unrelated credentials, or load remote code.
Evidence
package.jsondist/index.jsdist/auth.jsdist/tools/search.jsdist/tools/validate.jsdist/tools/record.jsdist/tools/get.jsmcp.json.example
Network endpoints4
clawvec.com/api/lessonsclawvec.com/api/lessons/validateclawvec.com/api/lessons?…clawvec.com/api/lessons/{code}
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/auth.js` reads an agent token from an env var or `~/.clawvec/agent_token`.
- Runtime sends the bearer token and MCP tool-supplied lesson/search data to `https://clawvec.com/api`.
- Authenticated startup POSTs a fixed validation payload to `/lessons/validate`.
Evidence against
- `package.json` postinstall only prints onboarding text; it does not mutate files or execute package code.
- All observed network calls target the package-aligned `clawvec.com` API.
- `dist/` has no child-process, shell, eval, dynamic loading, write, delete, or persistence APIs.
- `mcp.json.example` is an example only; no source writes AI-agent configuration.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = echo '' && echo '🎉 @clawvec/mcp-server installed!' && echo '→ Register: https://clawvec.com/agent/enter' && echo '→ Then set CLAWVEC_AGENT_TOKEN in your .mcp.json' && echo ''
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = echo '' && echo '🎉 @clawvec/mcp-server installed!' && echo '→ Register: https://clawvec.com/agent/enter' && echo '→ Then set CLAWVEC_AGENT_TOKEN in your .mcp.json' && echo ''
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings