registry  /  @wisflux/docmost-local-mcp  /  0.9.0

@wisflux/docmost-local-mcp@0.9.0

Docmost MCP server for local IDE integrations

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time code retrieves an opaque native executable, which the CLI later runs. The JavaScript wrapper does not expose a confirmed malicious action, but the downloaded payload is not source-inspectable or integrity-verified.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` downloads the binary; invoking `docmost-local-mcp` executes it.
Impact
A compromised or substituted release asset could execute with the installing or invoking user's privileges and inherited environment.
Mechanism
remote native-binary download and execution
Rationale
No concrete malicious behavior is present in the inspected JavaScript, and the binary-download design is documented. However, install-time retrieval of an unverified opaque executable leaves a real supply-chain execution risk.
Evidence
package.jsonpostinstall.jscli.jsREADME.mdbin/docmost-local-mcpbin/docmost-local-mcp.exe
Network endpoints1
github.com/wisflux/docmost-local-mcp/releases/download/v0.9.0/docmost-local-mcp-${platform}

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node postinstall.js` during installation.
  • `postinstall.js` downloads a platform executable from GitHub Releases without checksum or signature verification.
  • `postinstall.js` follows up to five redirects and writes the response to `bin/docmost-local-mcp*`.
  • `cli.js` executes the downloaded binary and forwards its inherited environment.
Evidence against
  • The release URL is deterministic and derived from the package's own pinned version.
  • The package source contains no JS credential harvesting, destructive action, eval, or hidden persistence.
  • The README explicitly discloses the install-time binary download and runtime MCP behavior.
  • The CLI executes only the package-local downloaded binary after explicit user invocation.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.56 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings