AI Security Review
scanned 3h ago · by lpm-firewall-aiThe default MCP server exposes an `execute` tool that can run caller-provided TypeScript against a Stigg SDK client. Remote mode sends Stigg connection credentials to the Stainless code-tool endpoint; local mode dynamically evaluates the supplied code in a Deno worker.
Decision evidence
public snapshot- `src/server.ts` enables the `execute` MCP tool by default.
- `src/code-tool.ts` defaults execution to a Stainless-hosted sandbox.
- `src/code-tool.ts` forwards `STIGG_API_KEY`/base URL to `api.stainless.com` in a request header.
- `src/code-tool-worker.ts` dynamically imports caller-supplied TypeScript for local execution.
- `src/options.ts` permits local execution and leaves all SDK methods allowed unless configured.
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- `src/index.ts` starts only when invoked as the CLI entrypoint.
- No package source writes files, alters agent configuration, or establishes persistence.
- The remote execution, docs search, and credential flow are named, configurable MCP features.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
instructions.jsView on unpkg · L7Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgPackage manifest contains a dependency pinned to a remote tarball URL.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
code-tool-worker.jsView on unpkg