registry  /  @tmail/mcp  /  1.0.10

@tmail/mcp@1.0.10

⚠ Under review

TMail MCP Server — Model Context Protocol server for TMail agent mail API

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 1.74 MB of source, external domains: caniuse.com, datatracker.ietf.org, github.com, issues.chromium.org, json-schema.org, nvlpubs.nist.gov, opencode.ai, raw.githubusercontent.com

Source & flagged code

5 flagged · loading source
dist/index.jsView file
3688try { L3689: new Function(""); L3690: return true;
High
Eval

Package source references dynamic code evaluation.

dist/index.jsView on unpkg · L3688
13850ref: validation_error_1.default, L13851: code: (0, codegen_1._)`require("ajv/dist/runtime/validation_error").default` L13852: });
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L13850
dist/cli.jsView file
5import { stripVTControlCharacters } from "node:util"; L6: import y, { stdin, stdout } from "node:process"; L7: import "node:readline"; ... L11: import * as nc from "node:crypto"; L12: import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes, randomUUID } from "node:crypto"; L13: import { ZodOptional, z } from "zod"; L14: import { Http2ServerRequest, constants } from "http2"; L15: import { Readable } from "stream"; ... L460: } L461: globalThis.process.platform.startsWith("win"); L462: const S = Symbol("clack:cancel"); ... L519: terminal: !0
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli.jsView on unpkg · L5
5Trigger-reachable chain: manifest.bin -> dist/cli.js L5: import { stripVTControlCharacters } from "node:util"; L6: import y, { stdin, stdout } from "node:process"; L7: import "node:readline"; ... L11: import * as nc from "node:crypto"; L12: import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes, randomUUID } from "node:crypto"; L13: import { ZodOptional, z } from "zod"; L14: import { Http2ServerRequest, constants } from "http2"; L15: import { Readable } from "stream"; ... L460: } L461: globalThis.process.platform.startsWith("win"); L462: const S = Symbol("clack:cancel"); ... L519: terminal: !0
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.jsView on unpkg · L5
matchType = previous_version_dangerous_delta matchedPackage = @tmail/mcp@1.0.9 matchedIdentity = npm:QHRtYWlsL21jcA:1.0.9 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.jsView on unpkg

Findings

3 Critical1 High4 Medium5 Low
CriticalCredential Exfiltrationdist/cli.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
CriticalPrevious Version Dangerous Deltadist/cli.js
HighEvaldist/index.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings