registry  /  @smart-coder-labs/nexusmind-mcp  /  0.4.5

@smart-coder-labs/nexusmind-mcp@0.4.5

NexusMind MCP server for Claude Code and Cursor — team memory that persists across sessions

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time malicious behavior is established. The real risk is explicit user-command AI agent setup that mutates Claude Code/Cursor configuration and registers a first-party Claude plugin marketplace.

Static reason
No blocking static signals were detected.
Trigger
User runs nexusmind-setup, nexusmind setup, or nexusmind sync-agents.
Impact
MCP server registration, first-party Claude plugin enablement, shell env additions, and optional project agent metadata writes.
Mechanism
explicit MCP/agent configuration and NexusMind API client
Rationale
Source inspection found explicit, documented agent configuration writes but no npm lifecycle execution, credential harvesting beyond the configured API key, or concrete exfiltration/remote payload chain. Per policy this should warn for first-party/explicit agent extension setup rather than block.
Evidence
package.jsondist/index.jsdist/client.jsdist/setup.jsdist/sync-agents.jsREADME.md~/.claude.json~/.claude/settings.json~/.cursor/mcp.json.cursor/mcp.json~/.zshrc~/.bashrc.nexusmind-agents.jsonCLAUDE.md
Network endpoints3
${NEXUSMIND_BASE_URL}localhost:8080github.com/smart-coder-labs/nexusmind-claude-plugin

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/setup.js registers a Claude Code plugin marketplace entry for smart-coder-labs/nexusmind-claude-plugin during explicit setup.
  • dist/setup.js writes Claude/Cursor config and shell env vars when setup is invoked.
  • dist/sync-agents.js can update CLAUDE.md and write .nexusmind-agents.json from API data on explicit sync-agents command.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • dist/client.js uses NEXUSMIND_BASE_URL and NEXUSMIND_API_KEY for package-aligned API calls.
  • No child_process, eval/vm/Function, native binary loading, or hidden remote code execution found.
  • Config writes are documented and bounded to NexusMind MCP/agent setup.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 4 file(s), 173 KB of source

Source & flagged code

1 flagged · loading source
dist/setup.jsView file
13import * as readline from 'node:readline/promises'; L14: import { stdin as input, stdout as output } from 'node:process'; L15: // ── Paths ───────────────────────────────────────────────────────────────────── L16: const HOME = homedir(); L17: const CLAUDE_JSON_PATH = join(HOME, '.claude.json'); ... L43: try { L44: return JSON.parse(readFileSync(path, 'utf8')); L45: } ... L64: function writeShellEnv(apiKey, baseUrl) { L65: for (const rc of [join(HOME, '.zshrc'), join(HOME, '.bashrc')]) { L66: if (!existsSync(rc)) ... L156: // API key + URL
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/setup.jsView on unpkg · L13

Findings

3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/setup.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License