registry  /  @yawlabs/mcp  /  0.68.0

@yawlabs/mcp@0.68.0

⚠ Under review

Yaw MCP -- MCP servers, managed. Free to run locally; Yaw Team adds cross-machine sync.

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 3 file(s), 536 KB of source, external domains: docs.astral.sh, example.com, github.com, registry.npmjs.org, yaw.sh

Source & flagged code

7 flagged · loading source
dist/index.jsView file
1586// src/compliance-cmd.ts L1587: import { spawn } from "child_process"; L1588: import { request as request2 } from "undici"; L1589: var COMPLIANCE_USAGE = '\n Usage: yaw-mcp compliance <target> [extraArgs...] [--publish]\n\n Examples:\n yaw-mcp compliance "npx -y @modelcontextprotocol/server-filesystem /tm... ... L1591: if (argv.includes("--help") || argv.includes("-h")) { L1592: process.stdout.write(COMPLIANCE_USAGE); L1593: return 0;
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/index.jsView on unpkg · L1586
1586Trigger-reachable chain: manifest.bin -> dist/index.js L1586: // src/compliance-cmd.ts L1587: import { spawn } from "child_process"; L1588: import { request as request2 } from "undici"; L1589: var COMPLIANCE_USAGE = '\n Usage: yaw-mcp compliance <target> [extraArgs...] [--publish]\n\n Examples:\n yaw-mcp compliance "npx -y @modelcontextprotocol/server-filesystem /tm... ... L1591: if (argv.includes("--help") || argv.includes("-h")) { L1592: process.stdout.write(COMPLIANCE_USAGE); L1593: return 0;
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L1586
1586// src/compliance-cmd.ts L1587: import { spawn } from "child_process"; L1588: import { request as request2 } from "undici";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L1586
1288// src/completion-cmd.ts L1289: var COMPLETION_USAGE = `Usage: yaw-mcp completion <bash|zsh|fish|powershell> L1290:
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L1288
1586// src/compliance-cmd.ts L1587: import { spawn } from "child_process"; L1588: import { request as request2 } from "undici"; L1589: var COMPLIANCE_USAGE = '\n Usage: yaw-mcp compliance <target> [extraArgs...] [--publish]\n\n Examples:\n yaw-mcp compliance "npx -y @modelcontextprotocol/server-filesystem /tm... ... L1600: } L1601: const apiUrl5 = process.env.YAW_MCP_URL ?? "https://yaw.sh/mcp"; L1602: const report = await runTest(args);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L1586
118function parseJsonc(src) { L119: const debommed = src.charCodeAt(0) === 65279 ? src.slice(1) : src; L120: const stripped = stripTrailingCommas(stripJsoncComments(debommed)); ... L150: var GRADE_LETTERS = /* @__PURE__ */ new Set(["A", "B", "C", "D", "F"]); L151: function gradesCachePath(home = homedir()) { L152: return join(home, CONFIG_DIRNAME, GRADES_FILENAME); ... L420: `, "utf8", 384); L421: if (process.platform !== "win32") { L422: try { ... L547: async function runAudit(opts = {}) { L548: const write = opts.out ?? ((s) => process.stdout.write(s)); L549: const writeErr = opts.err ?? ((s) => process.stderr.write(s));
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L118
118function parseJsonc(src) { L119: const debommed = src.charCodeAt(0) === 65279 ? src.slice(1) : src; L120: const stripped = stripTrailingCommas(stripJsoncComments(debommed)); ... L150: var GRADE_LETTERS = /* @__PURE__ */ new Set(["A", "B", "C", "D", "F"]); L151: function gradesCachePath(home = homedir()) { L152: return join(home, CONFIG_DIRNAME, GRADES_FILENAME); ... L420: `, "utf8", 384); L421: if (process.platform !== "win32") { L422: try { ... L547: async function runAudit(opts = {}) { L548: const write = opts.out ?? ((s) => process.stdout.write(s)); L549: const writeErr = opts.err ?? ((s) => process.stderr.write(s));
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.jsView on unpkg · L118

Findings

2 Critical4 High4 Medium6 Low
CriticalCommand Output Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
HighChild Processdist/index.js
HighShelldist/index.js
HighSame File Env Network Executiondist/index.js
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License