registry  /  agent-security-scanner-mcp  /  4.4.12

agent-security-scanner-mcp@4.4.12

⚠ Under review

npm audit for AI agents and MCP servers. Scan code, MCP tools, prompts, and hallucinated packages for Claude Code, Cursor, Windsurf, Cline, OpenClaw, and CI.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 25 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 121 file(s), 935 KB of source, external domains: api.osv.dev, clawhub.ai, github.com, nodejs.org, openclaw.ai, osv.dev, python.org, raw.githubusercontent.com, www.w3.org, yourdomain.com

Source & flagged code

18 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
README.mdView file
- Prompt Injection (15 patterns): "ignore previous instructions", role manipulation
High
Ai Reviewer Manipulation

Package text addresses the security reviewer or scanner and tries to influence the review outcome.

README.mdView on unpkg
rules/generic.secrets.yamlView file
198patternName = private_key_rsa severity = critical line = 198 matchedText = - "-----...---"
Critical
Critical Secret

Package contains a critical-looking secret pattern.

rules/generic.secrets.yamlView on unpkg · L198
198patternName = private_key_rsa severity = critical line = 198 matchedText = - "-----...---"
Critical
Secret Pattern

RSA private key in rules/generic.secrets.yaml

rules/generic.secrets.yamlView on unpkg · L198
199patternName = private_key_rsa severity = critical line = 199 matchedText = - "-----...---"
Critical
Secret Pattern

RSA private key in rules/generic.secrets.yaml

rules/generic.secrets.yamlView on unpkg · L199
200patternName = private_key_ec severity = critical line = 200 matchedText = - "-----...---"
Critical
Secret Pattern

EC private key in rules/generic.secrets.yaml

rules/generic.secrets.yamlView on unpkg · L200
202patternName = private_key_openssh severity = critical line = 202 matchedText = - "-----...---"
Critical
Secret Pattern

OpenSSH private key in rules/generic.secrets.yaml

rules/generic.secrets.yamlView on unpkg · L202
index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = agent-security-scanner-mcp@4.4.10 matchedIdentity = npm:[redacted]:4.4.10 similarity = 0.992 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

index.jsView on unpkg
5import { z } from "zod"; L6: import { execSync, execFileSync, spawn as spawnProcess } from "child_process"; L7: import { readFileSync, existsSync, writeFileSync, copyFileSync, mkdirSync, createReadStream, unlinkSync } from "fs";
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L5
src/utils/npm-download.jsView file
22L23: const execAsync = promisify(exec); L24:
High
Shell

Package source references shell execution.

src/utils/npm-download.jsView on unpkg · L22
code-review-agent/dist/src/analyzer/intent.jsView file
11- An auth API that writes arbitrary files to disk is UNEXPECTED — an auth service has no reason to do that L12: - An e-commerce app that calls eval() on user input is UNEXPECTED — a product catalog has no reason to eval L13:
Low
Eval

Package source references a known benign dynamic code generation pattern.

code-review-agent/dist/src/analyzer/intent.jsView on unpkg · L11
code-review-agent/tests/fixtures/vuln-ecommerce/checkout.jsView file
1const express = require('express'); L2: const app = express();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

code-review-agent/tests/fixtures/vuln-ecommerce/checkout.jsView on unpkg · L1
scripts/postinstall.jsView file
51try { L52: execFileSync(pythonCmd, ["-m", "pip", "install", "-r", requirementsPath, "--user", "--quiet"], { L53: timeout: 120000, ... L61: " To enable AST analysis later, run: python3 -m pip install -r requirements.txt\n" + L62: " Or run: npx agent-security-scanner-mcp doctor --fix" L63: );
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/postinstall.jsView on unpkg · L51
ast_parser.pyView file
path = ast_parser.py kind = build_helper sizeBytes = 9001 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

ast_parser.pyView on unpkg
code-review-agent/tests/fixtures/guarded-agent/tools/guard.pyView file
path = code-review-agent/tests/fixtures/guarded-agent/tools/guard.py kind = payload_in_excluded_dir sizeBytes = 156 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

code-review-agent/tests/fixtures/guarded-agent/tools/guard.pyView on unpkg
pattern_matcher.pyView file
520patternName = generic_password severity = medium line = 520 matchedText = password...123"
Medium
Secret Pattern

Hardcoded password in pattern_matcher.py

pattern_matcher.pyView on unpkg · L520
rules/generic/secrets/security/detected-private-key.yamlView file
12patternName = private_key_rsa severity = critical line = 12 matchedText = -----BEG...----
Critical
Secret Pattern

RSA private key in rules/generic/secrets/security/detected-private-key.yaml

rules/generic/secrets/security/detected-private-key.yamlView on unpkg · L12

Findings

7 Critical6 High7 Medium5 Low
CriticalCritical Secretrules/generic.secrets.yaml
CriticalPrevious Version Dangerous Deltaindex.js
CriticalSecret Patternrules/generic.secrets.yaml
CriticalSecret Patternrules/generic.secrets.yaml
CriticalSecret Patternrules/generic.secrets.yaml
CriticalSecret Patternrules/generic.secrets.yaml
CriticalSecret Patternrules/generic/secrets/security/detected-private-key.yaml
HighInstall Time Lifecycle Scriptspackage.json
HighAi Reviewer ManipulationREADME.md
HighChild Processindex.js
HighShellsrc/utils/npm-download.js
HighRuntime Package Installscripts/postinstall.js
HighPayload In Excluded Dircode-review-agent/tests/fixtures/guarded-agent/tools/guard.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirecode-review-agent/tests/fixtures/vuln-ecommerce/checkout.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperast_parser.py
MediumStructural Risk Force Deep Review
MediumSecret Patternpattern_matcher.py
LowScripts Present
LowEvalcode-review-agent/dist/src/analyzer/intent.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings