registry  /  @minicor/mcp-server  /  4.0.0

@minicor/mcp-server@4.0.0

Desktop and browser RPA automation, workflow management, and AI-powered debugging for the Minicor platform. Formerly Laminar.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `minicor-bootstrap` or invokes exposed MCP VM/code-mode tools.
Impact
Can grant Minicor MCP permissions in a workspace and execute installation/startup scripts on authorized managed VMs.
Mechanism
explicit agent-config mutation and authenticated remote script execution
Rationale
No concrete malicious chain or unconsented install-time mutation was found. The explicit agent configuration and VM execution capabilities warrant a warning rather than a block.
Evidence
package.jsondist/bootstrap.jsdist/tools/vm.jsdist/codemode.jsdist/setup.jsdist/paths.jsCLAUDE.md.claude/settings.local.json.cursor/rules/workspace.mdc.minicor/system-prompt.md
Network endpoints4
api.laminar.runca.api.laminar.runlam-vm-service-ernfuwetfa-uc.a.run.appwww.minicor.com/installs/desktop-service/ps1

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/bootstrap.js` explicitly writes `CLAUDE.md`, `.claude/settings.local.json`, and Cursor rules.
  • Bootstrap adds a broad allowlist of `mcp__minicor__*` tools, including VM script execution.
  • `dist/tools/vm.js` downloads a PowerShell installer and submits scripts to authenticated VM `run-script` endpoints.
  • `dist/codemode.js` evaluates user-supplied code in a Node VM worker.
Evidence against
  • `package.json` has only `prepare`; no `preinstall`, `install`, or `postinstall` hook.
  • Bootstrap requires an explicit `minicor-bootstrap <target>` invocation and a local `minicor.json` workspace.
  • Observed network calls are authenticated Minicor/Laminar API and VM-service operations; no unrelated exfiltration endpoint found.
  • No automatic foreign AI-agent configuration mutation occurs during installation or import.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 50 file(s), 548 KB of source, external domains: 127.0.0.1, api.example.com, api.laminar.run, ca.api.laminar.run, docs.laminar.run, fonts.googleapis.com, fonts.gstatic.com, lam-vm-service-ernfuwetfa-uc.a.run.app, middleware-service-489511347341.northamerica-northeast1.run.app, middleware-service-ca-ernfuwetfa-nn.a.run.app, tfa-otp.minicor.com, www.minicor.com, www.w3.org, xxxx-yyyy.trycloudflare.com

Source & flagged code

1 flagged · loading source
dist/setup.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @minicor/mcp-server@3.9.0 matchedIdentity = npm:QG1pbmljb3IvbWNwLXNlcnZlcg:3.9.0 similarity = 0.830 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/setup.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/setup.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings