AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface: the package is an MCP server for DeXe DAO operations with explicit user-invoked tools. Sensitive actions are configured by DEXE_* env vars and are not triggered at npm install time or hidden import time.
Static reason
No blocking static signals were detected.
Trigger
Runtime MCP use or explicit CLI subcommands such as init/doctor; build bootstrap only after a build tool call.
Impact
Can interact with blockchain/IPFS endpoints and write local .env/cache/temp logs when explicitly configured or invoked; no evidence of exfiltration, persistence, destructive behavior, or agent control hijack.
Mechanism
User-configured DAO tooling: RPC reads, optional IPFS pinning, optional WalletConnect or private-key transaction broadcast, and lazy protocol checkout.
Rationale
Static source inspection found expected MCP/DAO functionality with no install-time mutation, hidden credential exfiltration, remote payload execution, or unconsented AI-agent config writes. The risky primitives are user-invoked and package-aligned, with some guardrails such as --ignore-scripts during lazy bootstrap and trusted-host checks for Graph API bearer use.
Evidence
package.jsondist/index.jsdist/env/loader.jsdist/config.jsdist/bootstrap.jsdist/hardhat.jsdist/cli/init.jsdist/lib/ipfs.jsdist/lib/subgraph.jsdist/lib/signer.jsdist/tools/txSend.jsdist/lib/walletconnect.js.envplatform cache directory/dexe-mcp/DeXe-Protocolos tmpdir/dexe-mcp-*/*.log
Network endpoints9
github.com/dexe-network/DeXe-Protocol.gitapi.pinata.cloud/data/testAuthenticationapi.pinata.cloud/pinning/pinJSONToIPFSapi.pinata.cloud/pinning/pinFileToIPFSwss://relay.walletconnect.comapi.dexe.iobsc-dataseed.binance.orgdweb.linkipfs.io
Decision evidence
public snapshotAI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall; only prepublishOnly build/typecheck.
- dist/index.js starts an MCP stdio server and only dynamically imports doctor/init for explicit subcommands.
- dist/env/loader.js reads package .env and DEXE_* process env for diagnostics; no broad credential harvesting.
- dist/bootstrap.js lazy-clones https://github.com/dexe-network/DeXe-Protocol.git only on build-tool use and runs npm install with --ignore-scripts.
- dist/cli/init.js writes only package-root .env after interactive TTY prompts and prints, but does not edit, Claude config.
- Network calls in dist/lib/ipfs.js, dist/lib/subgraph.js, dist/tools/txSend.js, and walletconnect are package-aligned RPC/IPFS/DAO operations gated by user env/tool calls.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
2 Medium5 Low
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings