@rvry/mcp@1.0.0

RVRY reasoning depth enforcement (RDE) engine client.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
Child Process, Environment Vars, Filesystem, Network, Shell
Supply chain
High Entropy Strings, Url Strings
Manifest
Wildcard Dependency
scanned 5 file(s), 103 KB of source, external domains: docs.anthropic.com, engine.rvry.ai, rvry.ai

Source & flagged code

2 flagged
dist/setup.js
L15: import { createInterface } from 'readline';
L16: import { execSync } from 'child_process';
L17: import { platform } from 'os';
High
Child Process

Package source references child process execution.

dist/setup.js · L15
L6:  *
L7:  * Usage: npx --yes --package @rvry/mcp@latest rvry-mcp setup
L8:  * npx --yes --package @rvry/mcp@latest rvry-mcp setup --token <value>
...
L15: import { createInterface } from 'readline';
L16: import { execSync } from 'child_process';
L17: import { platform } from 'os';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/setup.js · L6

Findings

3 High · 4 Medium · 4 Low
High · Child Process · dist/setup.js
High · Shell
High · Runtime Package Install · dist/setup.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Medium · Wildcard Dependency
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings