registry  /  @peekdev/mcp  /  0.1.0-alpha.24

@peekdev/mcp@0.1.0-alpha.24

local-first browser-session forensics + repro for AI coding agents. peek's native messaging host + stdio MCP server — owns ~/.peek/sessions.db (better-sqlite3) and bridges the browser extension, CLI, and AI tools to one local source of truth.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 39 file(s), 279 KB of source, external domains: app.example.com, example.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall-guard.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts/postinstall-guard.mjsView file
17try { L18: await import(pathToFileURL(postinstall).href); L19: } catch (err) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall-guard.mjsView on unpkg · L17

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirescripts/postinstall-guard.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings