registry  /  @coldiq/mcp  /  0.3.33

@coldiq/mcp@0.3.33

⚠ Under review

An [MCP (Model Context Protocol)](https://modelcontextprotocol.io) server that exposes ColdIQ's B2B data marketplace to AI assistants. Connect it to Claude or any MCP-compatible client to search companies, find and enrich contacts, verify emails, track sa

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 173 file(s), 1.11 MB of source, external domains: agfundernews.com, api.coldiq.com, api.companyenrich.com, api.peopledatalabs.com, apiv2.leadsfactory.io, app.fullenrich.com, apple.com, coldiq.com, example.com, fintech.global, images.trysignalbase.com, linkedin.com, maps.google.com, microsoft.com, mistral.ai, raw.example, raw.githubusercontent.com, reddit.com, schemas.agentskills.io, sumble.com, techcrunch.com, test-api.local, twitter.com, wework.com, www.coldiq.com, www.google.com, www.linkedin.com, www.reddit.com

Source & flagged code

1 flagged · loading source
tests/skills.test.ts#virtual:normalized:round1View file
44afterEach(() => { L45: globalThis.fetch = originalFetch L46: vi.restoreAllMocks() ... L49: it('listSkills returns name + description from the index', async () => { L50: globalThis.fetch = mockFetch({ L51: 'https://raw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json': { L52: body: JSON.stringify(INDEX), L53: },
Critical
Builtin Api Tampering Exfiltration

Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.

tests/skills.test.ts#virtual:normalized:round1View on unpkg · L44

Findings

1 Critical2 Medium6 Low
CriticalBuiltin Api Tampering Exfiltrationtests/skills.test.ts#virtual:normalized:round1
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License