registry  /  @mgsoftwarebv/mg-dashboard-mcp  /  7.4.5

@mgsoftwarebv/mg-dashboard-mcp@7.4.5

MCP Server for MG Dashboard - SSH, SFTP, Docker, domains, DNS, and environment config tools for Cursor

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The runtime is an explicitly invoked MCP administration server with SSH, SFTP, Docker, database, and proxy capabilities.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the mg-dashboard-mcp CLI with required credentials and invokes MCP tools or --proxy-url mode.
Impact
Authorized users can operate configured remote infrastructure; no stealth execution, harvesting, or unconsented persistence was found.
Mechanism
User-configured MCP administration and authenticated proxy bridge.
Rationale
The scanner's credential-exfiltration signal corresponds to explicit proxy authentication using user-provided credentials and an SSH signature, not hidden collection. Source inspection found no install-time execution, foreign AI-agent configuration mutation, stealth persistence, or unsolicited exfiltration.
Evidence
package.jsondist/index.js
Network endpoints3
dashboard.mgsoftware.nlapi.github.commijn.host/api/v2

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall, install, or postinstall hook.
    • dist/index.js only starts from the declared CLI entrypoint.
    • Proxy authentication sends the supplied API key and SSH public-key signature only to the user-supplied proxy URL.
    • SSH key reads, tunnels, SFTP, Docker, and database operations are explicit MCP/admin capabilities.
    • dist/index.js applies tool/module authorization checks before dispatch.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 548 KB of source, external domains: dashboard.mgsoftware.nl

    Source & flagged code

    3 flagged · loading source
    dist/index.jsView file
    1#!/usr/bin/env node L2: import { spawn } from 'child_process'; L3: import { existsSync, statSync, createReadStream, readFileSync } from 'fs'; ... L9: import { ListToolsRequestSchema, CallToolRequestSchema, isInitializeRequest, ListPromptsRequestSchema, GetPromptRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema... L10: import { createServer as createServer$1 } from 'net'; L11: import { Client } from 'ssh2'; L12: import crypto, { randomUUID, createHash, randomBytes, createCipheriv, createDecipheriv } from 'crypto'; L13: import { readFile, mkdtemp, writeFile, rm } from 'fs/promises'; ... L20: import { once } from 'events'; L21: import { lookup } from 'dns/promises'; L22: import { connect } from 'tls'; ... L45: if (!path.startsWith("~")) return path;
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/index.jsView on unpkg · L1
    1Trigger-reachable chain: manifest.main -> dist/index.js L1: #!/usr/bin/env node L2: import { spawn } from 'child_process'; L3: import { existsSync, statSync, createReadStream, readFileSync } from 'fs'; ... L9: import { ListToolsRequestSchema, CallToolRequestSchema, isInitializeRequest, ListPromptsRequestSchema, GetPromptRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema... L10: import { createServer as createServer$1 } from 'net'; L11: import { Client } from 'ssh2'; L12: import crypto, { randomUUID, createHash, randomBytes, createCipheriv, createDecipheriv } from 'crypto'; L13: import { readFile, mkdtemp, writeFile, rm } from 'fs/promises'; ... L20: import { once } from 'events'; L21: import { lookup } from 'dns/promises'; L22: import { connect } from 'tls'; ... L45: if (!path.startsWith("~")) return path;
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/index.jsView on unpkg · L1
    9971patternName = generic_password severity = medium line = 9971 matchedText = mysql --...ord"
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index.jsView on unpkg · L9971

    Findings

    2 Critical4 Medium5 Low
    CriticalCredential Exfiltrationdist/index.js
    CriticalTrigger Reachable Dangerous Capabilitydist/index.js
    MediumSecret Patterndist/index.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings