AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package is an MCP server that can control Docker-backed test resources. In explicit HTTP mode it listens on a network interface and leaves authentication optional, so a remotely reachable deployment could expose those user-project operations.
Decision evidence
public snapshot- `dist/index.js` enables HTTP mode via CLI or `MCP_MODE` and defaults host to `0.0.0.0`.
- `dist/transports/http-transport.js` exposes MCP requests without authentication unless an API key is supplied.
- `dist/tools/setup.js` runs Docker commands and starts configured containers after MCP tool invocation.
- `dist/tools/status.js` invokes Docker inspection; `dist/tools/run.js` passes process environment to test execution.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- Entrypoint execution is user-invoked CLI/MCP server startup, not install-time or import-time payload execution.
- Observed network URLs are localhost service/mock endpoints; no external collection or exfiltration endpoint appears in inspected code.
- Docker subprocess calls use `execFile` argument arrays, with an explicit comment avoiding shell injection.
- No `eval`, VM, credential harvesting, agent-config mutation, persistence, or destructive host-file behavior was found in inspected files.
Source & flagged code
4 flagged · loading source`dist/index.js` enables HTTP mode via CLI or `MCP_MODE` and defaults host to `0.0.0.0`.
dist/index.jsView on unpkg`dist/transports/http-transport.js` exposes MCP requests without authentication unless an API key is supplied.
dist/transports/http-transport.jsView on unpkg`dist/tools/setup.js` runs Docker commands and starts configured containers after MCP tool invocation.
dist/tools/setup.jsView on unpkg`dist/tools/status.js` invokes Docker inspection; `dist/tools/run.js` passes process environment to test execution.
dist/tools/status.jsView on unpkg