AI Security Review
scanned 3h ago · by lpm-firewall-aiNo malicious or unauthorized attack chain is confirmed. When the user runs the MCP server, it starts its Roblox integration, installs/updates its own bundled Roblox plugin, and sends disclosed telemetry unless disabled.
Static reason
No blocking static signals were detected.
Trigger
User runs `npx`/the package CLI as an MCP server.
Impact
Can modify the user's Roblox Plugins directory and disclose device/runtime usage metadata to declared service endpoints; no credential exfiltration, remote payload execution, or install-time mutation was found.
Mechanism
Local Roblox MCP bridge with first-party plugin setup and opt-out telemetry.
Rationale
The package has privacy-sensitive but documented, package-aligned runtime telemetry and copies its own Roblox plugin when the user runs the MCP server. Source inspection found no lifecycle hook, credential harvesting, foreign AI-agent control-surface mutation, remote payload execution, or destructive behavior.
Evidence
package.jsonREADME.mddist/index.jsroblox-plugin/WeppyRobloxMCP.rbxm
Network endpoints3
api.ipify.orgwww.google-analytics.com/mp/collectweppy-operations-server.hope841026.workers.dev/public/mcp/device-observation/v1
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/index.js` enables telemetry by default and persists a device ID.
- `dist/index.js` fetches public IP from `https://api.ipify.org`.
- `dist/index.js` posts usage/device metadata to Google Analytics and a WEPPY operations endpoint.
- `dist/index.js` copies its bundled Roblox plugin into the user's Roblox Plugins directory at MCP runtime.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- Telemetry behavior and opt-out are disclosed in `README.md`.
- Telemetry payload code contains runtime metadata and command metrics, not credential or project-content harvesting.
- Plugin copy is a first-party Roblox integration activated when the user runs the MCP server; no foreign AI-agent configuration mutation was found.
- No native modules, source maps, hidden executables, or remote code-loading path were found.
Behavioral surface
ChildProcessEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
CopyleftLicense
Oversized source lightweight scan
dist/index.js2.05 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalObfuscatedHighEntropyStringsMinifiedUrlStringsapi.ipify.orgjson-schema.orgraw.githubusercontent.comroblox-license-api.hope841026.workers.devweppy-operations-server.hope841026.workers.devwww.google-analytics.com
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
•path = dist/index.js
kind = oversized_source_file
sizeBytes = 2154535
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
dist/index.jsView on unpkg•path = dist/index.js
kind = oversized_cli_entrypoint
sizeBytes = 2154535
magicHex = [redacted]
Medium
Oversized Cli Entrypoint
Package contains an oversized executable-looking CLI entrypoint.
dist/index.jsView on unpkgFindings
1 High4 Medium8 Low
HighOversized Source Filedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License