registry  /  clawql-mcp  /  7.0.0

clawql-mcp@7.0.0

MCP server: search + execute OpenAPI/Discovery APIs (internal GraphQL projection), optional native GraphQL HTTP and gRPC unary sources

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `clawql codex`, `clawql cursor`, `clawql claude`, `clawql opencode`, or `clawql mcp-config --write ...`.
Impact
Adds this package as an enabled MCP capability in a chosen agent client.
Mechanism
Explicit AI-agent MCP configuration mutation and local agent launch.
Rationale
The source supports explicit agent extension setup rather than covert install-time compromise. Per policy, explicit user-command agent configuration mutation is warned rather than blocked.
Evidence
package.jsonbin/clawql.mjsdist/onboarding/cli.jsdist/onboarding/harness-cli.jsdist/onboarding/mcp-config-write.jsdist/onboarding/init.js~/.codex/config.toml~/.cursor/mcp.json~/Library/Application Support/Claude/claude_desktop_config.json~/.config/opencode/opencode.json~/.ClawQL/.clawql-init-push.env

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/onboarding/harness-cli.js` writes Cursor, Claude, Codex, or OpenCode MCP configuration.
  • `clawql codex|cursor|claude|opencode` explicitly prepares config then launches the selected local agent.
  • `dist/onboarding/mcp-config-write.js` merges a ClawQL MCP server and creates a timestamped backup.
  • `dist/onboarding/init.js` can invoke `npx tsx` for a Vault push only with `--push-vault` or an interactive confirmation and `VAULT_TOKEN`.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
  • Bin entrypoints only import packaged server or onboarding CLI modules.
  • Agent-config writes occur only through explicit CLI commands; no import-time config mutation was found.
  • No obfuscation, credential harvesting, covert exfiltration, or remote payload execution was found in inspected onboarding and entrypoint code.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 65 file(s), 187 KB of source, external domains: 0.0.0.0, 127.0.0.1, clawql.com, docs.clawql.com, opencode.ai, storage.googleapis.com

Source & flagged code

20 flagged · loading source
providers/aws/apis/rds-2014-10-31/openapi.yamlView file
22201patternName = aws_access_key severity = critical line = 22201 matchedText = descript...de>.
Critical
Critical Secret

Package contains a critical-looking secret pattern.

providers/aws/apis/rds-2014-10-31/openapi.yamlView on unpkg · L22201
22201patternName = aws_access_key severity = critical line = 22201 matchedText = descript...de>.
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/rds-2014-10-31/openapi.yaml

providers/aws/apis/rds-2014-10-31/openapi.yamlView on unpkg · L22201
32930patternName = aws_access_key severity = critical line = 32930 matchedText = - descri...de>.
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/rds-2014-10-31/openapi.yaml

providers/aws/apis/rds-2014-10-31/openapi.yamlView on unpkg · L32930
dist/onboarding/harness-cli.jsView file
5*/ L6: import { spawn } from "node:child_process"; L7: import { copyFile, mkdir, readFile, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/onboarding/harness-cli.jsView on unpkg · L5
bin/clawql-mcp-http.mjsView file
8const dir = dirname(fileURLToPath(import.meta.url)); L9: await import(join(dir, "../dist/server-http.js"));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/clawql-mcp-http.mjsView on unpkg · L8
dist/onboarding/hashicorp-vault.jsView file
3export async function probeHashicorpVault() { L4: const envAddr = process.env.VAULT_ADDR?.trim(); L5: if (envAddr) { ... L14: try { L15: execSync("kubectl -n clawql get svc vault -o name", { L16: stdio: "ignore", ... L18: }); L19: const addr = "http://127.0.0.1:8200"; L20: const health = await fetchVaultHealth(addr);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/onboarding/hashicorp-vault.jsView on unpkg · L3
dist/onboarding/init.jsView file
89args.push("--kubectl-exec"); L90: const result = spawnSync("npx", ["tsx", ...args], { L91: stdio: "inherit",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/onboarding/init.jsView on unpkg · L89
dist/onboarding/doctor.jsView file
matchType = previous_version_dangerous_delta matchedPackage = clawql-mcp@6.4.1 matchedIdentity = npm:Y2xhd3FsLW1jcA:6.4.1 similarity = 0.759 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/onboarding/doctor.jsView on unpkg
providers/aws/apis/iam-2010-05-08/openapi.yamlView file
19732patternName = aws_access_key severity = critical line = 19732 matchedText = AccessKe...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/iam-2010-05-08/openapi.yaml

providers/aws/apis/iam-2010-05-08/openapi.yamlView on unpkg · L19732
19859patternName = aws_access_key severity = critical line = 19859 matchedText = RoleId: ...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/iam-2010-05-08/openapi.yaml

providers/aws/apis/iam-2010-05-08/openapi.yamlView on unpkg · L19859
19901patternName = aws_access_key severity = critical line = 19901 matchedText = UserId: ...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/iam-2010-05-08/openapi.yaml

providers/aws/apis/iam-2010-05-08/openapi.yamlView on unpkg · L19901
20495patternName = aws_access_key severity = critical line = 20495 matchedText = UserId: ...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/iam-2010-05-08/openapi.yaml

providers/aws/apis/iam-2010-05-08/openapi.yamlView on unpkg · L20495
20529patternName = aws_access_key severity = critical line = 20529 matchedText = - Access...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/iam-2010-05-08/openapi.yaml

providers/aws/apis/iam-2010-05-08/openapi.yamlView on unpkg · L20529
20533patternName = aws_access_key severity = critical line = 20533 matchedText = - Access...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/iam-2010-05-08/openapi.yaml

providers/aws/apis/iam-2010-05-08/openapi.yamlView on unpkg · L20533
providers/aws/apis/sts-2011-06-15/openapi.yamlView file
777patternName = aws_access_key severity = critical line = 777 matchedText = descript.../p>"
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/sts-2011-06-15/openapi.yaml

providers/aws/apis/sts-2011-06-15/openapi.yamlView on unpkg · L777
820patternName = aws_access_key severity = critical line = 820 matchedText = descript.../p>"
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/sts-2011-06-15/openapi.yaml

providers/aws/apis/sts-2011-06-15/openapi.yamlView on unpkg · L820
1222patternName = aws_access_key severity = critical line = 1222 matchedText = AccessKe...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/sts-2011-06-15/openapi.yaml

providers/aws/apis/sts-2011-06-15/openapi.yamlView on unpkg · L1222
1342patternName = aws_access_key severity = critical line = 1342 matchedText = AccessKe...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/sts-2011-06-15/openapi.yaml

providers/aws/apis/sts-2011-06-15/openapi.yamlView on unpkg · L1342
1422patternName = aws_access_key severity = critical line = 1422 matchedText = AccessKe...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/sts-2011-06-15/openapi.yaml

providers/aws/apis/sts-2011-06-15/openapi.yamlView on unpkg · L1422
1448patternName = aws_access_key severity = critical line = 1448 matchedText = AccessKe...MPLE
Critical
Secret Pattern

AWS access key ID in providers/aws/apis/sts-2011-06-15/openapi.yaml

providers/aws/apis/sts-2011-06-15/openapi.yamlView on unpkg · L1448

Findings

16 Critical4 High4 Medium5 Low
CriticalCritical Secretproviders/aws/apis/rds-2014-10-31/openapi.yaml
CriticalPrevious Version Dangerous Deltadist/onboarding/doctor.js
CriticalSecret Patternproviders/aws/apis/rds-2014-10-31/openapi.yaml
CriticalSecret Patternproviders/aws/apis/rds-2014-10-31/openapi.yaml
CriticalSecret Patternproviders/aws/apis/iam-2010-05-08/openapi.yaml
CriticalSecret Patternproviders/aws/apis/iam-2010-05-08/openapi.yaml
CriticalSecret Patternproviders/aws/apis/iam-2010-05-08/openapi.yaml
CriticalSecret Patternproviders/aws/apis/iam-2010-05-08/openapi.yaml
CriticalSecret Patternproviders/aws/apis/iam-2010-05-08/openapi.yaml
CriticalSecret Patternproviders/aws/apis/iam-2010-05-08/openapi.yaml
CriticalSecret Patternproviders/aws/apis/sts-2011-06-15/openapi.yaml
CriticalSecret Patternproviders/aws/apis/sts-2011-06-15/openapi.yaml
CriticalSecret Patternproviders/aws/apis/sts-2011-06-15/openapi.yaml
CriticalSecret Patternproviders/aws/apis/sts-2011-06-15/openapi.yaml
CriticalSecret Patternproviders/aws/apis/sts-2011-06-15/openapi.yaml
CriticalSecret Patternproviders/aws/apis/sts-2011-06-15/openapi.yaml
HighChild Processdist/onboarding/harness-cli.js
HighShell
HighSame File Env Network Executiondist/onboarding/hashicorp-vault.js
HighRuntime Package Installdist/onboarding/init.js
MediumDynamic Requirebin/clawql-mcp-http.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings