registry  /  @togglhq/mcp  /  1.5.20

@togglhq/mcp@1.5.20

⚠ Under review

Toggl Focus MCP server for Claude Code, Claude Desktop, and other MCP clients.

Static Scan Results

scanned 11d ago · by rust-scanner

Static analysis flagged 16 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 1.64 MB of source, external domains: accounts.toggl.com, datatracker.ietf.org, dotenvx.com, empty.invalid, example.com, focus.toggl.com, fonts.googleapis.com, fonts.gstatic.com, github.com, json-schema.org, raw.githubusercontent.com, react.dev, www.w3.org

Source & flagged code

8 flagged · loading source
build/index.jsView file
11import { createInterface } from "node:readline/promises"; L12: import { exec } from "node:child_process"; L13: import * as http from "node:http"; L14: import "date-fns"; ... L70: //#endregion L71: //#region ../../node_modules/.pnpm/@dotenvx+dotenvx@1.59.1/node_modules/@dotenvx/dotenvx/package.json L72: var require_package = /* @__PURE__ */ __commonJSMin$1(((exports, module) => { ... L165: INVALID_CONVENTION: "https://github.com/dotenvx/dotenvx/issues/761", L166: INVALID_PRIVATE_KEY: "https://github.com/dotenvx/dotenvx/issues/465", L167: INVALID_PUBLIC_KEY: "https://github.com/dotenvx/dotenvx/issues/756", L168: MALFORMED_ENCRYPTED_DATA: "https://github.com/dotenvx/dotenvx/issues/467", L169: MISPAIRED_PRIVATE_KEY: "https://github.com/dotenvx/dotenvx/issues/752",
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

build/index.jsView on unpkg · L11
31764Trigger-reachable chain: manifest.exports -> build/index.js L31764: const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start \"\"" : "xdg-open"; L31765: exec(`${cmd} "${url}"`, (err) => { L31766: if (err) process.stderr.write(`Could not open browser (${cmd}): ${err.message}\n`); L31767: }); ... L31773: function togglOAuthLocalRedirectUri(port = TOGGL_OAUTH_CALLBACK_PORT) { L31774: return `http://localhost:${port}/callback`; L31775: }
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

build/index.jsView on unpkg · L31764
11import { createInterface } from "node:readline/promises"; L12: import { exec } from "node:child_process"; L13: import * as http from "node:http";
High
Child Process

Package source references child process execution.

build/index.jsView on unpkg · L11
112"eciesjs": "^0.4.10", L113: "execa": "^5.1.1", L114: "fdir": "^6.2.0",
High
Shell

Package source references shell execution.

build/index.jsView on unpkg · L112
9680} L9681: eval(key, value) { L9682: return evalKeyValue(key, value, this.processEnv, this.runningParsed);
High
Eval

Package source references dynamic code evaluation.

build/index.jsView on unpkg · L9680
31764const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start \"\"" : "xdg-open"; L31765: exec(`${cmd} "${url}"`, (err) => { L31766: if (err) process.stderr.write(`Could not open browser (${cmd}): ${err.message}\n`); L31767: }); ... L31773: function togglOAuthLocalRedirectUri(port = TOGGL_OAUTH_CALLBACK_PORT) { L31774: return `http://localhost:${port}/callback`; L31775: }
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

build/index.jsView on unpkg · L31764
11import { createInterface } from "node:readline/promises"; L12: import { exec } from "node:child_process"; L13: import * as http from "node:http"; L14: import "date-fns"; ... L70: //#endregion L71: //#region ../../node_modules/.pnpm/@dotenvx+dotenvx@1.59.1/node_modules/@dotenvx/dotenvx/package.json L72: var require_package = /* @__PURE__ */ __commonJSMin$1(((exports, module) => { ... L165: INVALID_CONVENTION: "https://github.com/dotenvx/dotenvx/issues/761", L166: INVALID_PRIVATE_KEY: "https://github.com/dotenvx/dotenvx/issues/465", L167: INVALID_PUBLIC_KEY: "https://github.com/dotenvx/dotenvx/issues/756", L168: MALFORMED_ENCRYPTED_DATA: "https://github.com/dotenvx/dotenvx/issues/467", L169: MISPAIRED_PRIVATE_KEY: "https://github.com/dotenvx/dotenvx/issues/752",
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

build/index.jsView on unpkg · L11
68}) : target, mod)); L69: var __require = /* @__PURE__ */ createRequire(import.meta.url); L70: //#endregion
Medium
Dynamic Require

Package source references dynamic require/import behavior.

build/index.jsView on unpkg · L68

Findings

2 Critical5 High4 Medium5 Low
CriticalRemote Asset Decode Executebuild/index.js
CriticalTrigger Reachable Dangerous Capabilitybuild/index.js
HighChild Processbuild/index.js
HighShellbuild/index.js
HighEvalbuild/index.js
HighCommand Output Exfiltrationbuild/index.js
HighObfuscated Payload Loaderbuild/index.js
MediumDynamic Requirebuild/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License