
@stackwright-pro/mcp@0.2.0-alpha.107

MCP tools for Stackwright Pro - Data Explorer, Security, ISR, and Dashboard generation

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
NoLicense
scanned 8 file(s), 633 KB of source, external domains: api.example.mil, ocsp.disa.mil

Source & flagged code

3 flagged
dist/server.js
38: try {
39: return JSON.parse(v);
40: } catch {
...
126: ...excludePatterns !== void 0 && { excludePatterns },
127: projectRoot: projectRoot ?? process.cwd()
128: });
...
252: }
253: if (!specPath.startsWith("http://") && !specPath.startsWith("https://")) {
254: if (import_fs.default.existsSync(specPath)) {
...
867: var import_fs2 = require("fs");
868: var import_child_process = require("child_process");
869: var import_path2 = __toESM(require("path"));
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/server.js · L38
3734: { pattern: /\brequire\s*\(/, label: "require() call" },
3735: { pattern: /\beval\s*\(/, label: "eval() call" },
3736: { pattern: /^#!/m, label: "shebang" },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/server.js · L3734
dist/tools/type-schemas.js
26: module.exports = __toCommonJS(type_schemas_exports);
27: var import_zod = require("zod");
28: function buildTypeSchemaSummary() {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/tools/type-schemas.js · L26

Findings

1 High · 3 Medium · 6 Low
High: Obfuscated Payload Loader (dist/server.js)
Medium: Dynamic Require (dist/tools/type-schemas.js)
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Scripts Present
Low: Eval (dist/server.js)
Low: Filesystem
Low: High Entropy Strings
Low: Url Strings
Low: No License