registry  /  @minicor/mcp-server  /  3.9.0

@minicor/mcp-server@3.9.0

Desktop and browser RPA automation, workflow management, and AI-powered debugging for the Minicor platform. Formerly Laminar.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The runtime MCP server provides authenticated remote VM automation, including execution of caller-supplied Python. An explicit setup command can register this package as a Cursor MCP server; no install-time control-surface mutation was found.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the setup CLI or invokes VM tools through a configured MCP client with valid workspace credentials.
Impact
A connected AI client can cause arbitrary script execution on VMs authorized for the configured Minicor workspace.
Mechanism
Authenticated remote VM script execution and explicit Cursor MCP configuration.
Rationale
Source inspection found a real, high-impact remote-execution capability, but it is explicit, authenticated, and aligned with the declared RPA/VM product. The package is not concretely malicious, though its capability warrants a warning classification.
Evidence
package.jsondist/setup.jsdist/tools/vm.jsdist/seed-skills.jsdist/paths.jsdist/disk-token-store.js
Network endpoints3
api.laminar.runca.api.laminar.runlam-vm-service-ernfuwetfa-uc.a.run.app

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with high false-positive risk.
Evidence for warning
  • `dist/tools/vm.js` exposes `vm_execute_script` to run supplied Python on authenticated VMs.
  • `dist/tools/vm.js` can request remote `/run-script` actions, including desktop-service installation.
  • `dist/setup.js` writes a Cursor MCP entry when the user runs its setup command.
  • `dist/seed-skills.js` uploads bundled skills using stored auth and an explicit admin key.
Evidence against
  • `package.json` has only `prepare: npm run build`; no preinstall/install/postinstall hook.
  • MCP config mutation is confined to the explicit `minicor-mcp-setup` command.
  • Network calls target Minicor/Laminar API and VM-service endpoints consistent with the package purpose.
  • No inspected source showed credential harvesting, stealth persistence, obfuscated payloads, or foreign-agent mutation during install.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 48 file(s), 496 KB of source, external domains: 127.0.0.1, api.example.com, api.laminar.run, ca.api.laminar.run, docs.laminar.run, fonts.googleapis.com, fonts.gstatic.com, lam-vm-service-ernfuwetfa-uc.a.run.app, middleware-service-489511347341.northamerica-northeast1.run.app, middleware-service-ca-ernfuwetfa-nn.a.run.app, tfa-otp.minicor.com, www.minicor.com, www.w3.org, xxxx-yyyy.trycloudflare.com

Source & flagged code

1 flagged · loading source
dist/setup.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @minicor/mcp-server@3.6.0 matchedIdentity = npm:QG1pbmljb3IvbWNwLXNlcnZlcg:3.6.0 similarity = 0.756 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/setup.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/setup.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings