registry  /  @sadamdi/kaneo-mcp  /  0.3.0

@sadamdi/kaneo-mcp@0.3.0

MCP server for the full Kaneo API (91 tools) plus documentation-grade skills: project auto-detection, aligned card templates, shared project context memory, grounding rules, English/Indonesian/any language (global or per-project), and an interactive insta

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `npx @sadamdi/kaneo-mcp` or `kaneo-mcp install` and selects a target.
Impact
Creates or updates a selected MCP server entry and may persist Kaneo credentials locally.
Mechanism
interactive AI-client MCP configuration and Kaneo API client
Rationale
Not malicious by source inspection: no lifecycle-triggered execution or covert credential theft was found. Warn because an explicit user command can modify AI-client MCP configuration, including global targets.
Evidence
package.jsondist/cli.jsdist/install/wizard.jsdist/install/targets.jsdist/install/mergeConfig.jsdist/kaneoClient.jsdist/auth/tokenStore.jsdist/install/skillsInstaller.jsdist/auth/deviceFlow.jsdist/version.js
Network endpoints2
cloud.kaneo.app/apiregistry.npmjs.org/@sadamdi/kaneo-mcp/latest

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js` runs an installer on explicit `npx` TTY invocation.
  • `dist/install/mergeConfig.js` writes a `kaneo` MCP entry into selected AI-client config.
  • `dist/install/targets.js` includes global Cursor and Claude Desktop configuration paths.
  • `dist/install/skillsInstaller.js` copies skills and `AGENT.md` into Claude directories on explicit `skills` command.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; only `prepublishOnly`.
  • Network requests in `dist/kaneoClient.js` are authenticated Kaneo API calls.
  • `dist/auth/tokenStore.js` stores only Kaneo credentials locally with mode `0600`.
  • No child-process, shell, eval, dynamic loading, destructive file deletion, or hidden exfiltration was found.
  • `dist/version.js` only checks the package's npm registry latest endpoint.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 26 file(s), 52.3 KB of source, external domains: cloud.kaneo.app, registry.npmjs.org

Source & flagged code

4 flagged · loading source
dist/cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli.js` runs an installer on explicit `npx` TTY invocation.

dist/cli.jsView on unpkg
dist/install/mergeConfig.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/install/mergeConfig.js` writes a `kaneo` MCP entry into selected AI-client config.

dist/install/mergeConfig.jsView on unpkg
dist/install/targets.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/install/targets.js` includes global Cursor and Claude Desktop configuration paths.

dist/install/targets.jsView on unpkg
dist/install/skillsInstaller.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/install/skillsInstaller.js` copies skills and `AGENT.md` into Claude directories on explicit `skills` command.

dist/install/skillsInstaller.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/cli.js
MediumAi Review Evidencedist/install/mergeConfig.js
MediumAi Review Evidencedist/install/targets.js
MediumAi Review Evidencedist/install/skillsInstaller.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings