registry  /  @hover-dev/mcp  /  0.35.0

@hover-dev/mcp@0.35.0

Hover MCP server — grounded browser actuation + crystallize a Playwright suite, for your own coding agent

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `hover-hook install` or starts `hover-mcp` and invokes its MCP tools
Impact
Adds Hover hooks to `.claude/settings.json`; MCP tools may write `.hover` and `__vibe_tests__` project artifacts and call Hover Cloud when configured
Mechanism
explicit agent hook setup plus package-aligned MCP browser/test automation
Rationale
Static inspection found an explicit Claude hook installer and MCP server with network/file capabilities aligned to Hover browser testing workflows, but no unconsented install-time mutation or concrete malicious chain. Per policy this explicit user-command agent config mutation is a warn-level lifecycle/capability risk, not a publish block.
Evidence
package.jsondist/hook.jsdist/mcp.js.claude/settings.json.hover/.env.hover/hover-map.md.hover/memory/__vibe_tests__/.hover/cache/optimized/
Network endpoints3
cloud.gethover.devlocalhost:5173localhost:${HOVER_CDP_PORT|9222}

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/hook.js explicit `hover-hook install` writes `.claude/settings.json` hook commands
  • dist/hook.js session hooks can run on Claude Code SessionStart/UserPromptSubmit/Stop after user install
  • dist/mcp.js reads Hover cloud credentials via dependency and calls cloud APIs when cloud tools/hooks are invoked
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts
  • package.json bin entries are explicit CLIs: `hover-mcp` and `hover-hook`
  • dist/mcp.js MCP server actions are user/tool invoked and package-aligned for browser testing/spec generation
  • dist/mcp.js redacts password field values into env refs when crystallizing specs
  • dist/hook.js hook install is explicit command, not install-time mutation
  • No evidence of credential exfiltration, remote payload execution, destructive behavior, or stealth persistence
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 74.2 KB of source, external domains: cloud.gethover.dev

Source & flagged code

3 flagged · loading source
dist/hook.jsView file
Published source reference
Medium
Ai Review Evidence

dist/hook.js explicit `hover-hook install` writes `.claude/settings.json` hook commands

dist/hook.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/hook.js session hooks can run on Claude Code SessionStart/UserPromptSubmit/Stop after user install

dist/hook.jsView on unpkg
dist/mcp.jsView file
Published source reference
Medium
Suspicious Dependency Evidence

dist/mcp.js reads Hover cloud credentials via dependency and calls cloud APIs when cloud tools/hooks are invoked

dist/mcp.jsView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/hook.js
MediumAi Review Evidencedist/hook.js
MediumSuspicious Dependency Evidencedist/mcp.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings