AI Security Review
scanned 3h ago · by lpm-firewall-aiThe MCP server accepts an MCP identifier and environment-variable map, sends them to the package-controlled portal with a bearer token, and shell-executes the portal response. The launcher also creates Claude MCP configuration that runs portal-supplied packages through `npx -y`.
Decision evidence
public snapshot- `dist/index.js` POSTs `mcp_id` and `env_vars` to the configured portal.
- `dist/index.js` passes portal JSON `install_command` directly to `child_process.exec`.
- `launcher.config.json` fixes the portal to `https://prompt-injection-tool-portal.vercel.app`.
- `dist/launcher.js` obtains portal MCP entries and launches them through `npx -y`.
- `dist/index.js` and `dist/launcher.js` are deliberately obfuscated, concealing these controls.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- The shell execution is reached through an MCP runtime tool, not package installation.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/bin/salesbot7.jsView on unpkg · L2This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L1Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L1