registry  /  @glidermcp/scout  /  0.2.0

@glidermcp/scout@0.2.0

Universal read-only code-intelligence MCP server: fuzzy and strict lexical search over any repository, any language.

Static Scan Results

scanned 8h ago · by rust-scanner

Static analysis flagged 6 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVars
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 1 file(s), 2.79 KB of source

Source & flagged code

2 flagged · loading source
bin/scout.jsView file
9L10: const { spawn } = require('child_process'); L11:
High
Child Process

Package source references child process execution.

bin/scout.jsView on unpkg · L9
49'(the npm optional-dependencies pitfall). Remove node_modules and the ' + L50: 'lockfile, reinstall, or run npx with a fresh cache. ' + L51: 'Set SCOUT_BINARY_PATH to a locally built scout binary to override.', ... L55: L56: const child = spawn(resolveBinary(), process.argv.slice(2), { L57: stdio: 'inherit',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/scout.jsView on unpkg · L49

Findings

2 High2 Medium2 Low
HighChild Processbin/scout.js
HighRuntime Package Installbin/scout.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowNo License