registry  /  @contextium/mcp-server  /  1.9.1

@contextium/mcp-server@1.9.1

MCP server for Contextium — pipe team SOPs, coding standards, and AI context directly into Claude, Cursor, and other AI coding assistants

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit setup can configure Contextium as an MCP server and allow-list its Claude Code tools. This is package-aligned agent extension setup, not unconsented install-time hijack.

Static reason
No blocking static signals were detected.
Trigger
User runs contextium-mcp-server setup, setup --remote, or logout/revoke
Impact
Adds/removes Contextium MCP entries and may reduce per-tool prompts for contextium tools; no exfiltration or remote payload execution found.
Mechanism
explicit MCP configuration and Claude Code permission allow-listing
Rationale
Source inspection shows explicit, package-aligned MCP setup and network access, with no install-time execution, exfiltration, obfuscation, shell execution, or payload staging. Because setup can write AI-agent control-surface config and permissions, warn rather than block.
Evidence
package.jsondist/index.jsdist/cli/setup.jsdist/cli/config-manager.jsdist/cli/credentials.jsdist/api-client.jsdist/server.jsREADME.md~/.contextium/credentials.json~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%/Claude/claude_desktop_config.json~/.config/Claude/claude_desktop_config.json.mcp.json~/.claude/settings.json
Network endpoints3
api.contextium.io/api/v1mcp.contextium.io/sseapp.contextium.io

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • dist/cli/setup.js user-invoked setup can auto-update Claude Desktop or project MCP config.
  • dist/cli/config-manager.js writes ~/.claude/settings.json permission allow rule mcp__contextium__*.
  • dist/cli/config-manager.js writes .mcp.json with npx -y @contextium/mcp-server@latest.
  • dist/cli/config-manager.js writes Claude Desktop mcpServers contextium entries.
Evidence against
  • package.json has no install/preinstall/postinstall hook; only prepublishOnly build.
  • Network calls are aligned to Contextium API/MCP endpoints.
  • No child_process, eval, native binary, or staged payload behavior found.
  • Credentials are stored locally under ~/.contextium/credentials.json with 0600 mode.
  • Agent config mutation occurs via explicit setup/logout commands, not install-time execution.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 91 file(s), 491 KB of source, external domains: api.contextium.io, app.contextium.io, mcp.contextium.io

Source & flagged code

4 flagged · loading source
dist/cli/setup.jsView file
Published source reference
Medium
Ai Review Evidence

dist/cli/setup.js user-invoked setup can auto-update Claude Desktop or project MCP config.

dist/cli/setup.jsView on unpkg
dist/cli/config-manager.jsView file
Published source reference
Medium
Ai Review Evidence

dist/cli/config-manager.js writes ~/.claude/settings.json permission allow rule mcp__contextium__*.

dist/cli/config-manager.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/cli/config-manager.js writes .mcp.json with npx -y @contextium/mcp-server@latest.

dist/cli/config-manager.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/cli/config-manager.js writes Claude Desktop mcpServers contextium entries.

dist/cli/config-manager.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/cli/setup.js
MediumAi Review Evidencedist/cli/config-manager.js
MediumAi Review Evidencedist/cli/config-manager.js
MediumAi Review Evidencedist/cli/config-manager.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings