AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a runtime MCP bridge for App Store Connect using user-provided credentials and user-invoked MCP tool calls.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs appstore-connect-mcp and invokes MCP tools
Impact
User-authorized App Store Connect API reads/writes/deletes depending on credential permissions and selected operation
Mechanism
JWT-authenticated App Store Connect API proxy
Rationale
Static inspection shows expected MCP/API behavior aligned with the package purpose, with no install-time execution or hidden exfiltration. Dangerous API methods are user-invoked App Store Connect capabilities rather than a concrete malicious chain.
Evidence
package.jsondist/index.jsdist/auth.jsdist/client.jsdist/server.jsdist/transport.jsdist/tools.jsdist/version.jsREADME.mddist/tools.jsonuser-specified APP_STORE_CONNECT_P8_FILE path
Network endpoints1
api.appstoreconnect.apple.com
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- README.md documents optional curl|bash installer from GitHub, but no installer script is packaged
- MCP call_api can perform user-requested POST/PATCH/DELETE against App Store Connect
Evidence against
- package.json has no preinstall/install/postinstall; only prepublishOnly build hook
- dist/index.js runs only as CLI/bin, loads App Store credentials from env/flags or user-specified p8 path
- dist/auth.js signs local JWTs; scanner secret hit is auth terminology/code, not embedded credential
- dist/client.js network target is fixed to https://api.appstoreconnect.apple.com
- dist/server.js exposes search/details/call/list MCP tools and delegates only named App Store operations
- No child_process, eval/vm/Function, package-time config mutation, persistence, or exfiltration endpoints found
Behavioral surface
CryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/auth.jsView file
46patternName = private_key_rsa
severity = critical
line = 46
matchedText = if (trim...)) {
Critical
46patternName = private_key_rsa
severity = critical
line = 46
matchedText = if (trim...)) {
Critical
55patternName = private_key_rsa
severity = critical
line = 55
matchedText = return `...--`;
Critical
README.mdView file
130patternName = private_key_rsa
severity = critical
line = 130
matchedText = > "APP_S...---"
Critical
203patternName = private_key_rsa
severity = critical
line = 203
matchedText = -e APP_S...-" \
Critical
Findings
5 Critical2 Medium5 Low
CriticalCritical Secretdist/auth.js
CriticalSecret Patterndist/auth.js
CriticalSecret Patterndist/auth.js
CriticalSecret PatternREADME.md
CriticalSecret PatternREADME.md
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings