registry  /  @ggaiteam/appstore-connect-mcp  /  1.0.4

@ggaiteam/appstore-connect-mcp@1.0.4

MCP server for the Apple App Store Connect API — exposes all 1200+ operations as MCP tools. Supports local (stdio) and remote (HTTP) deployment.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a runtime MCP bridge for App Store Connect using user-provided credentials and user-invoked MCP tool calls.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs appstore-connect-mcp and invokes MCP tools
Impact
User-authorized App Store Connect API reads/writes/deletes depending on credential permissions and selected operation
Mechanism
JWT-authenticated App Store Connect API proxy
Rationale
Static inspection shows expected MCP/API behavior aligned with the package purpose, with no install-time execution or hidden exfiltration. Dangerous API methods are user-invoked App Store Connect capabilities rather than a concrete malicious chain.
Evidence
package.jsondist/index.jsdist/auth.jsdist/client.jsdist/server.jsdist/transport.jsdist/tools.jsdist/version.jsREADME.mddist/tools.jsonuser-specified APP_STORE_CONNECT_P8_FILE path
Network endpoints1
api.appstoreconnect.apple.com

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • README.md documents optional curl|bash installer from GitHub, but no installer script is packaged
  • MCP call_api can perform user-requested POST/PATCH/DELETE against App Store Connect
Evidence against
  • package.json has no preinstall/install/postinstall; only prepublishOnly build hook
  • dist/index.js runs only as CLI/bin, loads App Store credentials from env/flags or user-specified p8 path
  • dist/auth.js signs local JWTs; scanner secret hit is auth terminology/code, not embedded credential
  • dist/client.js network target is fixed to https://api.appstoreconnect.apple.com
  • dist/server.js exposes search/details/call/list MCP tools and delegates only named App Store operations
  • No child_process, eval/vm/Function, package-time config mutation, persistence, or exfiltration endpoints found
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 30.2 KB of source, external domains: api.appstoreconnect.apple.com, github.com

Source & flagged code

5 flagged · loading source
dist/auth.jsView file
46patternName = private_key_rsa severity = critical line = 46 matchedText = if (trim...)) {
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/auth.jsView on unpkg · L46
46patternName = private_key_rsa severity = critical line = 46 matchedText = if (trim...)) {
Critical
Secret Pattern

RSA private key in dist/auth.js

dist/auth.jsView on unpkg · L46
55patternName = private_key_rsa severity = critical line = 55 matchedText = return `...--`;
Critical
Secret Pattern

RSA private key in dist/auth.js

dist/auth.jsView on unpkg · L55
README.mdView file
130patternName = private_key_rsa severity = critical line = 130 matchedText = > "APP_S...---"
Critical
Secret Pattern

RSA private key in README.md

README.mdView on unpkg · L130
203patternName = private_key_rsa severity = critical line = 203 matchedText = -e APP_S...-" \
Critical
Secret Pattern

RSA private key in README.md

README.mdView on unpkg · L203

Findings

5 Critical2 Medium5 Low
CriticalCritical Secretdist/auth.js
CriticalSecret Patterndist/auth.js
CriticalSecret Patterndist/auth.js
CriticalSecret PatternREADME.md
CriticalSecret PatternREADME.md
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings