registry  /  dexe-mcp  /  0.11.0

dexe-mcp@0.11.0

MCP server for the DeXe Protocol — full DAO operations coverage: deploy DAOs, build every proposal type, IPFS metadata, stake/vote/delegate/execute/claim calldata. Plus dev tooling (build/test/introspect/decode).

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface: the package is an MCP server for DeXe DAO operations with explicit user-invoked tools. Sensitive actions are configured by DEXE_* env vars and are not triggered at npm install time or hidden import time.

Static reason
No blocking static signals were detected.
Trigger
Runtime MCP use or explicit CLI subcommands such as init/doctor; build bootstrap only after a build tool call.
Impact
Can interact with blockchain/IPFS endpoints and write local .env/cache/temp logs when explicitly configured or invoked; no evidence of exfiltration, persistence, destructive behavior, or agent control hijack.
Mechanism
User-configured DAO tooling: RPC reads, optional IPFS pinning, optional WalletConnect or private-key transaction broadcast, and lazy protocol checkout.
Rationale
Static source inspection found expected MCP/DAO functionality with no install-time mutation, hidden credential exfiltration, remote payload execution, or unconsented AI-agent config writes. The risky primitives are user-invoked and package-aligned, with some guardrails such as --ignore-scripts during lazy bootstrap and trusted-host checks for Graph API bearer use.
Evidence
package.jsondist/index.jsdist/env/loader.jsdist/config.jsdist/bootstrap.jsdist/hardhat.jsdist/cli/init.jsdist/lib/ipfs.jsdist/lib/subgraph.jsdist/lib/signer.jsdist/tools/txSend.jsdist/lib/walletconnect.js.envplatform cache directory/dexe-mcp/DeXe-Protocolos tmpdir/dexe-mcp-*/*.log
Network endpoints9
github.com/dexe-network/DeXe-Protocol.gitapi.pinata.cloud/data/testAuthenticationapi.pinata.cloud/pinning/pinJSONToIPFSapi.pinata.cloud/pinning/pinFileToIPFSwss://relay.walletconnect.comapi.dexe.iobsc-dataseed.binance.orgdweb.linkipfs.io

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall; only prepublishOnly build/typecheck.
    • dist/index.js starts an MCP stdio server and only dynamically imports doctor/init for explicit subcommands.
    • dist/env/loader.js reads package .env and DEXE_* process env for diagnostics; no broad credential harvesting.
    • dist/bootstrap.js lazy-clones https://github.com/dexe-network/DeXe-Protocol.git only on build-tool use and runs npm install with --ignore-scripts.
    • dist/cli/init.js writes only package-root .env after interactive TTY prompts and prints, but does not edit, Claude config.
    • Network calls in dist/lib/ipfs.js, dist/lib/subgraph.js, dist/tools/txSend.js, and walletconnect are package-aligned RPC/IPFS/DAO operations gated by user env/tool calls.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 78 file(s), 810 KB of source, external domains: api.beta.dexe.io, api.dexe.io, api.pinata.cloud, api.qrserver.com, api.safe.global, api.tally.xyz, app.pinata.cloud, avatars.githubusercontent.com, bsc-dataseed.binance.org, bsc-dataseed.bnbchain.org, chainlist.org, cloud.reown.com, data-seed-prebsc-1-s1.bnbchain.org, dweb.link, gateway.pinata.cloud, gateway.thegraph.com, git-scm.com, github.com, ipfs.io, nodejs.org, www.w3.org, x.com

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    2 Medium5 Low
    MediumNetwork
    MediumEnvironment Vars
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings