AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is an explicit interactive CLI wrapper that launches a local or installed GraphQL service, optionally through the MCP Inspector.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes `mcpgql` and selects a mode.
Impact
Executes the selected local or dependency-provided service process in the user's working directory; no source-confirmed exfiltration or persistence.
Mechanism
interactive child-process launcher for GraphQL service and MCP Inspector
Rationale
Static hints reflect explicit CLI process launching and `npx` usage, not a concrete malicious chain. Direct inspection found no install-time execution, harvesting, exfiltration, persistence, or destructive behavior.
Evidence
package.jsonindex.jscore.tsmcp-graphql-enhanced/dist/index.jsnode_modules/@letoribo/mcp-graphql-enhanced/dist/index.js
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
- `index.js` runs `npx tsx core.ts` through a shell when the CLI is invoked.
- `core.ts` can launch `npx -y @modelcontextprotocol/inspector` after the user selects Inspector mode.
- `core.ts` searches ancestor directories for a local `mcp-graphql-enhanced/dist/index.js` and executes it.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- All process execution is behind explicit `mcpgql` invocation and interactive mode selection.
- Source contains no credential harvesting, HTTP client, network endpoint, file writes, persistence, or destructive action.
- The spawned commands are package-aligned launch paths for its GraphQL/MCP CLI purpose.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
WildcardDependency
Source & flagged code
3 flagged · loading sourceindex.jsView file
1#!/usr/bin/env node
L2: const { spawnSync } = require('child_process');
L3: const path = require('path');
High
5const pathToCore = path.join(__dirname, 'core.ts');
L6: spawnSync('npx', ['tsx', pathToCore], {
L7: stdio: 'inherit',
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
index.jsView on unpkg · L5core.tsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @letoribo/mcpgql@1.0.1
matchedIdentity = npm:QGxldG9yaWJvL21jcGdxbA:1.0.1
similarity = 1.000
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
core.tsView on unpkgFindings
1 Critical3 High2 Medium2 Low
CriticalPrevious Version Dangerous Deltacore.ts
HighChild Processindex.js
HighShell
HighRuntime Package Installindex.js
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem