registry  /  @signaliz/sdk  /  1.0.23

@signaliz/sdk@1.0.23

Signaliz SDK for Find Email, Verify Email, Company Signal Enrichment, and Signal to Copy AI.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User invokes the `signaliz-mcp` bin without `test` or `tools`.
Impact
Future Claude Desktop, Cursor, or generic MCP-client startup may download and execute `@signaliz/mcp-server@latest`.
Mechanism
Explicit MCP configuration write with unpinned npx server registration.
Rationale
The package is not malicious by source inspection, but its explicit setup command modifies AI-agent configuration and delegates future execution to an unpinned external package. Per policy, this warrants a warning rather than a block.
Evidence
package.jsondist/index.jsdist/mcp-config.jsREADME.md~/Library/Application Support/Claude/claude_desktop_config.json./.cursor/mcp.json./.mcp/config.json
Network endpoints2
api.signaliz.com/functions/v1api.signaliz.com/token

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/mcp-config.js` runs an explicit CLI setup that writes MCP agent configuration.
  • Setup targets Claude Desktop, Cursor, or `./.mcp/config.json` and registers a server using `npx -y @signaliz/mcp-server@latest`.
  • The registered server is unpinned and would fetch/execute that separate package when the configured client starts.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; `prepublishOnly` is publish-time only.
  • SDK network requests are limited to package-aligned `api.signaliz.com` endpoints and use caller-provided credentials.
  • No shell/process spawning, eval, credential harvesting, or import-time filesystem mutation appears in the shipped SDK entrypoint.
  • Config mutation occurs only after the user explicitly invokes the package bin.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 76.8 KB of source, external domains: api.signaliz.com

Source & flagged code

2 flagged · loading source
dist/mcp-config.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/mcp-config.js` runs an explicit CLI setup that writes MCP agent configuration.

dist/mcp-config.jsView on unpkg
mcp/config.jsonView file
Published source reference
Medium
Ai Review Evidence

Setup targets Claude Desktop, Cursor, or `./.mcp/config.json` and registers a server using `npx -y @signaliz/mcp-server@latest`.

mcp/config.jsonView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/mcp-config.js
MediumAi Review Evidencemcp/config.json
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings