registry  /  @sellable/admin-mcp  /  0.1.6

@sellable/admin-mcp@0.1.6

Sellable Admin MCP - cross-workspace operations and fulfillment tools

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Runtime capabilities are admin MCP tools that use user-provided Sellable, Slack, database, and browser/publisher configuration when invoked.

Static reason
No blocking static signals were detected.
Trigger
User runs sellable-admin-mcp and invokes MCP tools
Impact
Legitimate package-aligned operations can read or mutate configured Sellable/Slack/admin state; no unconsented install-time mutation or exfiltration was identified.
Mechanism
authenticated admin API/database/Slack/Notion operations
Rationale
Source inspection shows an MCP admin package with explicit runtime tools and package-aligned network use, not install-time compromise or hidden payload execution. Potentially powerful operations require configured credentials and explicit tool invocation, with no evidence of credential harvesting beyond intended local config reads.
Evidence
package.jsondist/index.jsdist/server.jsdist/auth.jsdist/api.jsdist/db.jsdist/tools/sellable.jsdist/tools/workspace.jsdist/tools/slackLists.jsdist/tools/dashboard.jsdist/tools/notionPublisher.jsskills/hermes-vps-desktop-setup/SKILL.mdsettings.jsonconfig-state.json~/.sellable-admin/settings.json~/.sellable-admin/config-state.json~/.claude/sellable-admin.json~/.sellable-admin/logs/notion-publish
Network endpoints2
app.sellable.devslack.com/api/

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks; bin only starts dist/index.js
    • dist/server.js registers MCP tools and waits on stdio; no import-time network or filesystem mutation found
    • dist/auth.js reads user-selected Sellable config from settings.json/env paths; it does not exfiltrate secrets outside tool requests
    • dist/api.js and dist/tools/sellable.js call configured Sellable API with bearer token for admin operations
    • dist/tools/slackLists.js and dist/tools/dashboard.js call Slack API using configured Slack token for workspace/canvas operations
    • dist/tools/notionPublisher.js uses spawnSync only in explicit MCP tool handlers for local Notion publishing/doctor commands
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 21 file(s), 191 KB of source, external domains: 127.0.0.1, app.sellable.dev, slack.com, www.googleapis.com

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    2 Medium4 Low
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings