AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network use is the advertised MCP/API function and requires a user-provided ColdIQ API key.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User starts the MCP server and invokes its tools.
Impact
Expected B2B data lookup and skill guide retrieval; no unauthorized persistence, exfiltration, or install-time mutation found.
Mechanism
MCP tool server forwarding user inputs to ColdIQ API and optional skills catalog fetch.
Rationale
Static inspection shows an advertised ColdIQ MCP server with user-invoked API calls and optional first-party skill loading, not install-time mutation or covert data theft. The scanner's critical finding comes from test mock fetch mutation, not runtime exfiltration behavior.
Evidence
package.jsonsrc/index.tssrc/client.tssrc/skills.tssrc/tools/call-endpoint.tssrc/tools/load-skill.tssrc/tools/list-skills.tstests/skills.test.tsREADME.md
Network endpoints2
api.coldiq.comraw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly build script; no preinstall/install/postinstall hook.
- src/index.ts registers MCP tools and connects stdio; no file writes or agent config mutation.
- src/client.ts requires COLDIQ_API_KEY and sends user-invoked tool requests to package-aligned https://api.coldiq.com/v1 paths.
- src/skills.ts fetches a first-party GitHub raw skills index/body only when list_skills/load_skill are invoked.
- tests/skills.test.ts mutates globalThis.fetch only inside Vitest mocks; scanner tampering hint is test-only.
- rg found no child_process, eval/vm/Function, native binary loading, persistence, or credential/file harvesting in src/dist.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcetests/skills.test.ts#virtual:normalized:round1View file
44afterEach(() => {
L45: globalThis.fetch = originalFetch
L46: vi.restoreAllMocks()
...
L49: it('listSkills returns name + description from the index', async () => {
L50: globalThis.fetch = mockFetch({
L51: 'https://raw.githubusercontent.com/Cold-IQ/coldiq-marketplace-skills/main/.well-known/agent-skills/index.json': {
L52: body: JSON.stringify(INDEX),
L53: },
Critical
Builtin Api Tampering Exfiltration
Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
tests/skills.test.ts#virtual:normalized:round1View on unpkg · L44Findings
1 Critical2 Medium6 Low
CriticalBuiltin Api Tampering Exfiltrationtests/skills.test.ts#virtual:normalized:round1
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License