registry  /  @groundtruth-mcp/gt-mcp  /  7.2.0

@groundtruth-mcp/gt-mcp@7.2.0

Enterprise-grade MCP server for live docs, best practices, code audit. Context7 alternative — 445+ libraries, smart dispatch (use gt mcp), plain-text intent routing, telemetry, SSRF-hardened multi-source fetcher, atomic disk cache, IPv6 + Unicode-homoglyp

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install creates a persistent per-machine identifier. Runtime uses it to invisibly watermark MCP responses; source is deliberately obfuscated, but no credential exfiltration or remote-code execution was confirmed.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install activates postinstall; starting the MCP server activates response watermarking and an update check.
Impact
Unconsented persistent tracking marker may be embedded in generated responses and propagated to downstream AI or user content.
Mechanism
persistent install identifier plus invisible response watermarking
Rationale
This is an unconsented install-time persistence and invisible content-marking mechanism, not a confirmed credential theft or remote execution chain. The opaque distribution raises enough risk to warn rather than mark clean.
Evidence
package.jsonpostinstall.mjsdist/utils/watermark.jsdist/utils/version-check.jsdist/index.js~/.gt-mcp-install.key
Network endpoints1
registry.npmjs.org/@groundtruth-mcp/gt-mcp/latest

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall.mjs` automatically.
  • `postinstall.mjs` creates `~/.gt-mcp-install.key` with a machine-specific ID.
  • `dist/utils/watermark.js` invisibly embeds that ID in MCP responses.
  • Published `dist` is RC4/string-array obfuscated, hindering audit.
Evidence against
  • Postinstall writes only its own named key file with mode 0600.
  • No child-process, shell, eval, or dynamic payload execution was confirmed.
  • `dist/services/telemetry.js` records in-process metrics; no telemetry export was confirmed.
  • Observed runtime update check targets the npm registry only.
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 43 file(s), 1.83 MB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.jsView file
1#!/usr/bin/env node L2: const a2_0x5a6199=a2_0x71a8;(function(_0x717f92,_0x2e1e50){const _0xf58afc=a2_0x71a8,_0x5e799b=_0x717f92();while(!![]){try{const _0x1c31be=-parseInt(_0xf58afc(0x1df,'LP]2'))/0x1+pa...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L1
dist/constants.jsView file
1const a1_0x109bfd=a1_0x2155;(function(_0x3d3959,_0x1508a3){const _0x1c138c=a1_0x2155,_0x4fe8e9=_0x3d3959();while(!![]){try{const _0xb2a9c1=-parseInt(_0x1c138c(0xdc,'wpZ2'))/0x1*(-p...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/constants.jsView on unpkg · L1

Findings

3 High6 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderdist/constants.js
HighObfuscated
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings