@engrym/mcp-server@1.4.0

Engrym MCP server — Model Context Protocol launch-wedge surface. Ten launch tools per white paper §11.1; tool-registry pattern per build-doc §26.3; EMPTY-ENV wire-runtime over @engrym/sdk-ts (Slice-67.6); `engrym-mcp init` interactive setup per build-doc

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs engrym-mcp init or a setup integration path; default start runs after config exists.
Impact
Can add Engrym MCP registrations and managed instruction blocks when invoked; no confirmed malicious impact.
Mechanism
explicit MCP server setup and package-aligned API client
Rationale
Static inspection shows explicit user-command AI-agent setup and repo instruction writes, but no lifecycle hook abuse, stealth persistence, credential exfiltration, or non-package-aligned network behavior. Per policy this is warning-level agent integration lifecycle risk rather than a publish block.
Evidence
  • package.json
  • bin/engrym-mcp.js
  • dist/internal/server-entry.js
  • dist/init/mcp-init.js
  • dist/init/mcp-setup.js
  • dist/init/product-config.js
  • dist/init/claude-code-cli.js
  • dist/init/tool-targets.js
  • dist/init/engrym-md-adapter.js
  • dist/init/backfill.js
  • dist/transport/server.js
  • ~/.engrym/config.yaml
  • ~/.claude.json
  • ~/Library/Application Support/Claude/claude_desktop_config.json
  • ~/.config/Claude/claude_desktop_config.json
  • ~/.cursor/mcp.json
  • ~/.gemini/settings.json
  • ~/.codex/config.toml
  • CLAUDE.md
  • AGENTS.md
  • GEMINI.md
  • .cursor/rules/engrym.md
  • ENGRYM.md
Network endpoints (2)
  • api.engrym.com
  • engrym.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • dist/init/mcp-init.js writes product config then registers Claude Code on explicit init
  • dist/init/mcp-setup.js supports non-interactive setup for Claude/Cursor/Gemini/Codex configs
  • dist/init/engrym-md-adapter.js can write managed blocks into CLAUDE.md, AGENTS.md, GEMINI.md, and .cursor/rules/engrym.md when opted in
  • dist/init/backfill.js can zip user-selected local notes and send them through imports.create
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • bin/engrym-mcp.js only imports local dist bundle or compiled entry and dispatches argv
  • agent/tool config mutation is under explicit init/setup paths, not install-time
  • target MCP registrations use npx @engrym/mcp-server@latest with empty env and do not place API keys in agent configs
  • dist/init/product-config.js writes the API key only to ~/.engrym/config.yaml with mode 0600 and logs path/project metadata only
  • runtime network is package-aligned REST API via configured apiUrl, default https://api.engrym.com
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 51 file(s), 630 KB of source, external domains: api.engrym.com, cursor.com, developers.openai.com, docs.anthropic.com, github.com, modelcontextprotocol.io
Oversized source lightweight scan
dist/engrym-mcp.bundle.mjs: 4.64 MB file, sampled 256 KB
HighEntropyStrings

Source & flagged code

2 flagged
bin/engrym-mcp.js
    62: try {
    63:   mod = await import(pathToFileURL(entry).href);
    64: } catch (importErr) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/engrym-mcp.js · L62
dist/engrym-mcp.bundle.mjs
path = dist/engrym-mcp.bundle.mjs kind = oversized_source_file sizeBytes = 4866046 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/engrym-mcp.bundle.mjs

Findings

1 High, 3 Medium, 4 Low
  • High · Oversized Source File · dist/engrym-mcp.bundle.mjs
  • Medium · Dynamic Require · bin/engrym-mcp.js
  • Medium · Environment Vars
  • Medium · Structural Risk Force Deep Review
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings