AI Security Review
scanned 2h ago · by lpm-firewall-aiRunning the MCP CLI automatically enables device telemetry unless disabled. It fingerprints runtime context and transmits analytics/device-observation data; no install-time npm hook is present.
Static reason
No blocking static signals were detected.
Trigger
User runs `weppy-roblox-mcp`/`roblox-mcp` or imports and starts `dist/index.js`.
Impact
Privacy-relevant device and usage data leaves the host; the CLI also writes its own Roblox plugin to the user's Roblox Plugins directory.
Mechanism
Default-on telemetry with public-IP lookup, AI-client detection, and outbound event posting.
Rationale
The package is not conclusively malicious, but default-on fingerprinting and transmission of public-IP-linked usage/device data create a real unresolved privacy risk. Its Roblox plugin copy is package-aligned runtime behavior rather than unconsented install-time mutation of a foreign AI-agent control surface.
Evidence
package.jsondist/index.jsroblox-plugin/WeppyRobloxMCP.rbxmREADME.md
Network endpoints3
api.ipify.orgwww.google-analytics.com/mp/collectweppy-operations-server.hope841026.workers.dev/public/mcp/device-observation/v1
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Unknown with low false-positive risk.
Evidence for warning
- `dist/index.js` enables telemetry by default outside development builds.
- Runtime detects AI-client environment markers and obtains the public IP from `api.ipify.org`.
- It POSTs a persistent device-derived identifier, AI client, platform, tier, and telemetry events to Google Analytics and a package-owned operations endpoint.
- The CLI automatically copies `roblox-plugin/WeppyRobloxMCP.rbxm` into the user's Roblox Plugins directory when run.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- No source evidence of credential-file harvesting, remote code loading, shell payload execution, or destructive behavior.
- The Roblox plugin installation is a package-aligned runtime action and can be skipped with `SKIP_PLUGIN_INSTALL`.
Behavioral surface
ChildProcessEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
CopyleftLicense
Oversized source lightweight scan
dist/index.js2.06 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalObfuscatedHighEntropyStringsMinifiedUrlStrings127.0.0.1api.ipify.orgjson-schema.orgraw.githubusercontent.comroblox-license-api.hope841026.workers.devweppy-operations-server.hope841026.workers.devwww.google-analytics.com
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
•path = dist/index.js
kind = oversized_source_file
sizeBytes = 2156001
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
dist/index.jsView on unpkg•path = dist/index.js
kind = oversized_cli_entrypoint
sizeBytes = 2156001
magicHex = [redacted]
Medium
Oversized Cli Entrypoint
Package contains an oversized executable-looking CLI entrypoint.
dist/index.jsView on unpkgFindings
1 High4 Medium8 Low
HighOversized Source Filedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowCopyleft License