registry  /  @keyvaluesystems/agent-opfor-mcp  /  0.10.0

@keyvaluesystems/agent-opfor-mcp@0.10.0

Opfor MCP server — expose red team tools to any MCP-compatible AI agent

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 256 KB of source, external domains: cloud.langfuse.com
Oversized source lightweight scan
dist/index.js2.98 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalHighEntropyStringsUrlStringscloud.langfuse.com

Source & flagged code

4 flagged · loading source
evaluators/mcp/disclosure/secret-exposure.yamlView file
63patternName = private_key_rsa severity = critical line = 63 matchedText = - Privat...----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

evaluators/mcp/disclosure/secret-exposure.yamlView on unpkg · L63
63patternName = private_key_rsa severity = critical line = 63 matchedText = - Privat...----
Critical
Secret Pattern

RSA private key in evaluators/mcp/disclosure/secret-exposure.yaml

evaluators/mcp/disclosure/secret-exposure.yamlView on unpkg · L63
dist/index.jsView file
path = dist/index.js kind = oversized_source_file sizeBytes = 3121420 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.jsView on unpkg
path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 3121420 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.jsView on unpkg

Findings

2 Critical1 High4 Medium6 Low
CriticalCritical Secretevaluators/mcp/disclosure/secret-exposure.yaml
CriticalSecret Patternevaluators/mcp/disclosure/secret-exposure.yaml
HighOversized Source Filedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings