registry  /  brilliant-directories-mcp  /  6.55.77

brilliant-directories-mcp@6.55.77

⚠ Under review

Official MCP server for Brilliant Directories — manage members, posts, leads, reviews, and more.

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 324 KB of source, external domains: fonts.googleapis.com, github.com, mysite.com, your-site.com

Source & flagged code

2 flagged · loading source
index.jsView file
3964contains invisible/control Unicode U+200B (zero width space) if (/[\s­<U+200B>-<U+200F><U+2060>-⁤<U+FEFF>]/.test(slug)) {
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

index.jsView on unpkg · L3964
Trigger-reachable chain: manifest.main -> index.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

index.jsView on unpkg

Findings

2 Critical3 Medium4 Low
CriticalTrojan Source Unicodeindex.js
CriticalTrigger Reachable Dangerous Capabilityindex.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings