AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-run MCP server that exposes ColdIQ API-backed tools and optional user-invoked skill loading.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Running the coldiq-mcp bin and invoking MCP tools with COLDIQ_API_KEY set.
Impact
User-requested prospecting/search/enrichment requests are sent to ColdIQ; no install-time execution or persistence found.
Mechanism
MCP stdio server making authenticated API/tool requests
Rationale
Source inspection shows package-aligned MCP/network behavior activated by running the server or invoking tools, not install-time hijacking, exfiltration, persistence, or unauthorized agent control-surface writes. Scanner concerns about network/env usage are explained by the documented ColdIQ API client and optional skill loader.
Evidence
package.jsondist/index.jssrc/index.tssrc/client.tssrc/verb-client.tssrc/skills.tssrc/tools/load-skill.tssrc/tools/list-skills.ts
Network endpoints2
api.coldiq.comraw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/postinstall/prepare hook; only prepublishOnly build script.
- dist/index.js registers MCP tools and connects stdio only when the bin is run.
- src/client.ts requires COLDIQ_API_KEY and sends it as Bearer only to COLDIQ_API_URL defaulting to https://api.coldiq.com.
- src/verb-client.ts wraps user-invoked tool inputs into POST requests to ColdIQ /v1 endpoints.
- src/skills.ts fetches package-aligned skill catalog/body from Cold-IQ GitHub raw only via list_skills/load_skill tools, with optional user env override.
- rg found no production fs writes, child_process, eval, native/binary loading, or AI-agent config/control-surface mutation.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcetests/skills.test.ts#virtual:normalized:round1View file
44afterEach(() => {
L45: globalThis.fetch = originalFetch
L46: vi.restoreAllMocks()
...
L49: it('listSkills returns name + description from the index', async () => {
L50: globalThis.fetch = mockFetch({
L51: 'https://raw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json': {
L52: body: JSON.stringify(INDEX),
L53: },
Critical
Builtin Api Tampering Exfiltration
Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
tests/skills.test.ts#virtual:normalized:round1View on unpkg · L44Findings
1 Critical2 Medium6 Low
CriticalBuiltin Api Tampering Exfiltrationtests/skills.test.ts#virtual:normalized:round1
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License