registry  /  @groundnuty/macf-channel-server  /  0.2.47

@groundnuty/macf-channel-server@0.2.47

MCP channel server for the Multi-Agent Coordination Framework. HTTPS + mTLS endpoint agents connect to for inter-agent messaging (notify), CI-completion routing, and /sign certificate issuance. Invoked by Claude Code's plugin via `npx -y @groundnuty/macf-

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 32 file(s), 323 KB of source, external domains: github.com

Source & flagged code

1 flagged · loading source
dist/otel.jsView file
120package = @groundnuty/macf-channel-server; repositoryIdentity = macf; dependency = @opentelemetry/api L120: import('@opentelemetry/exporter-metrics-otlp-proto'), L121: import('@opentelemetry/api'), L122: import('@opentelemetry/resources'),
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/otel.jsView on unpkg · L120

Findings

1 High3 Medium4 Low
HighCopied Package Dependency Bridgedist/otel.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings