registry  /  @letoribo/mcpgql  /  1.0.2

@letoribo/mcpgql@1.0.2

CLI tool for MCP GraphQL Enhanced

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is an explicit interactive CLI wrapper that launches a local or installed GraphQL service, optionally through the MCP Inspector.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes `mcpgql` and selects a mode.
Impact
Executes the selected local or dependency-provided service process in the user's working directory; no source-confirmed exfiltration or persistence.
Mechanism
interactive child-process launcher for GraphQL service and MCP Inspector
Rationale
Static hints reflect explicit CLI process launching and `npx` usage, not a concrete malicious chain. Direct inspection found no install-time execution, harvesting, exfiltration, persistence, or destructive behavior.
Evidence
package.jsonindex.jscore.tsmcp-graphql-enhanced/dist/index.jsnode_modules/@letoribo/mcp-graphql-enhanced/dist/index.js

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • `index.js` runs `npx tsx core.ts` through a shell when the CLI is invoked.
  • `core.ts` can launch `npx -y @modelcontextprotocol/inspector` after the user selects Inspector mode.
  • `core.ts` searches ancestor directories for a local `mcp-graphql-enhanced/dist/index.js` and executes it.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • All process execution is behind explicit `mcpgql` invocation and interactive mode selection.
  • Source contains no credential harvesting, HTTP client, network endpoint, file writes, persistence, or destructive action.
  • The spawned commands are package-aligned launch paths for its GraphQL/MCP CLI purpose.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
Manifest
WildcardDependency
scanned 2 file(s), 2.33 KB of source

Source & flagged code

3 flagged · loading source
index.jsView file
1#!/usr/bin/env node L2: const { spawnSync } = require('child_process'); L3: const path = require('path');
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L1
5const pathToCore = path.join(__dirname, 'core.ts'); L6: spawnSync('npx', ['tsx', pathToCore], { L7: stdio: 'inherit',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

index.jsView on unpkg · L5
core.tsView file
matchType = previous_version_dangerous_delta matchedPackage = @letoribo/mcpgql@1.0.1 matchedIdentity = npm:QGxldG9yaWJvL21jcGdxbA:1.0.1 similarity = 1.000 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

core.tsView on unpkg

Findings

1 Critical3 High2 Medium2 Low
CriticalPrevious Version Dangerous Deltacore.ts
HighChild Processindex.js
HighShell
HighRuntime Package Installindex.js
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem