registry  /  @webability/mcp  /  1.3.0

@webability/mcp@1.3.0

WebAbility MCP server — WCAG 2.2 / ADA / EAA accessibility scanning with three-tier confidence output (issues + incomplete + summary), framework-aware AI fix suggestions, and brand-palette contrast checks. For Cursor, Claude Code, and other IDEs.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 36.0 KB of source, external domains: api.webability.io, example.com, webability.io

Source & flagged code

3 flagged · loading source
dist/chunk-GELK2BL6.jsView file
1import{Server as ke}from"@[redacted].js";import{CallToolRequestSchema as Ce,ListToolsRequestSchema as Re}from"@modelcontextprotocol/sdk/types.js";import{... L2: `),he(r)}catch{}}function V(o=20,n){try{let r=C(L(),"index.jsonl");if(!G(r))return[];let s=H(r,"utf8").trim().split(`
High
Child Process

Package source references child process execution.

dist/chunk-GELK2BL6.jsView on unpkg · L1
1import{Server as ke}from"@[redacted].js";import{CallToolRequestSchema as Ce,ListToolsRequestSchema as Re}from"@modelcontextprotocol/sdk/types.js";import{... L2: `),he(r)}catch{}}function V(o=20,n){try{let r=C(L(),"index.jsonl");if(!G(r))return[];let s=H(r,"utf8").trim().split(` L3: `),e=[];for(let t=s.length-1;t>=0&&e.length<o;t--)try{let a=JSON.parse(s[t]);if(n&&!`${a.target} ${a.tool}`.toLowerCase().includes(n.toLowerCase()))continue;e.push(a)}catch{}return... L4:
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/chunk-GELK2BL6.jsView on unpkg · L1
1import{Server as ke}from"@[redacted].js";import{CallToolRequestSchema as Ce,ListToolsRequestSchema as Re}from"@modelcontextprotocol/sdk/types.js";import{... L2: `),he(r)}catch{}}function V(o=20,n){try{let r=C(L(),"index.jsonl");if(!G(r))return[];let s=H(r,"utf8").trim().split(` L3: `),e=[];for(let t=s.length-1;t>=0&&e.length<o;t--)try{let a=JSON.parse(s[t]);if(n&&!`${a.target} ${a.tool}`.toLowerCase().includes(n.toLowerCase()))continue;e.push(a)}catch{}return... L4: ... L86: L87: ${v||"No visual issues detected."}`}]}}catch(l){return{content:[{type:"text",text:`Visual audit error: ${l.message}`}]}}}if(r==="find_source"){let e=s?.selector;if(!e)return{conten... L88: `).filter(Boolean).forEach(p=>h.add(p))}catch{}if(h.size===0)return{content:[{type:"text",text:`No source files matched tokens: ${a.join(", ")}`}]};let y=Array.from(h).slice(0,10)....
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/chunk-GELK2BL6.jsView on unpkg · L1

Findings

3 High3 Medium3 Low
HighChild Processdist/chunk-GELK2BL6.js
HighSame File Env Network Executiondist/chunk-GELK2BL6.js
HighSandbox Evasion Gated Capabilitydist/chunk-GELK2BL6.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings