registry  /  @coldiq/mcp  /  0.3.22

@coldiq/mcp@0.3.22

An [MCP (Model Context Protocol)](https://modelcontextprotocol.io) server that exposes ColdIQ's B2B data marketplace to AI assistants. Connect it to Claude or any MCP-compatible client to search companies, find and enrich contacts, verify emails, track sa

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-run MCP server that exposes ColdIQ API-backed tools and optional user-invoked skill loading.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Running the coldiq-mcp bin and invoking MCP tools with COLDIQ_API_KEY set.
Impact
User-requested prospecting/search/enrichment requests are sent to ColdIQ; no install-time execution or persistence found.
Mechanism
MCP stdio server making authenticated API/tool requests
Rationale
Source inspection shows package-aligned MCP/network behavior activated by running the server or invoking tools, not install-time hijacking, exfiltration, persistence, or unauthorized agent control-surface writes. Scanner concerns about network/env usage are explained by the documented ColdIQ API client and optional skill loader.
Evidence
package.jsondist/index.jssrc/index.tssrc/client.tssrc/verb-client.tssrc/skills.tssrc/tools/load-skill.tssrc/tools/list-skills.ts
Network endpoints2
api.coldiq.comraw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall/prepare hook; only prepublishOnly build script.
    • dist/index.js registers MCP tools and connects stdio only when the bin is run.
    • src/client.ts requires COLDIQ_API_KEY and sends it as Bearer only to COLDIQ_API_URL defaulting to https://api.coldiq.com.
    • src/verb-client.ts wraps user-invoked tool inputs into POST requests to ColdIQ /v1 endpoints.
    • src/skills.ts fetches package-aligned skill catalog/body from Cold-IQ GitHub raw only via list_skills/load_skill tools, with optional user env override.
    • rg found no production fs writes, child_process, eval, native/binary loading, or AI-agent config/control-surface mutation.
    Behavioral surface
    Source
    EnvironmentVarsFilesystemNetwork
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 158 file(s), 1.07 MB of source, external domains: agfundernews.com, api.coldiq.com, api.companyenrich.com, api.peopledatalabs.com, apiv2.leadsfactory.io, app.fullenrich.com, apple.com, coldiq.com, example.com, fintech.global, images.trysignalbase.com, linkedin.com, maps.google.com, microsoft.com, mistral.ai, raw.example, raw.githubusercontent.com, reddit.com, schemas.agentskills.io, sumble.com, techcrunch.com, test-api.local, twitter.com, wework.com, www.coldiq.com, www.google.com, www.linkedin.com, www.reddit.com

    Source & flagged code

    1 flagged · loading source
    tests/skills.test.ts#virtual:normalized:round1View file
    44afterEach(() => { L45: globalThis.fetch = originalFetch L46: vi.restoreAllMocks() ... L49: it('listSkills returns name + description from the index', async () => { L50: globalThis.fetch = mockFetch({ L51: 'https://raw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json': { L52: body: JSON.stringify(INDEX), L53: },
    Critical
    Builtin Api Tampering Exfiltration

    Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.

    tests/skills.test.ts#virtual:normalized:round1View on unpkg · L44

    Findings

    1 Critical2 Medium6 Low
    CriticalBuiltin Api Tampering Exfiltrationtests/skills.test.ts#virtual:normalized:round1
    MediumNetwork
    MediumEnvironment Vars
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License