registry  /  etix-mcp  /  0.2.1

etix-mcp@0.2.1

Etix MCP server for Claude — search events, venues & performers and fetch event details

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.68 MB of source, external domains: dom.spec.whatwg.org, github.com, html.spec.whatwg.org, json-schema.org, mathiasbynens.be, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, www.etix.com, www.safaribooksonline.com, www.w3.org

Source & flagged code

2 flagged · loading source
dist/bundle.jsView file
15161patternName = generic_password severity = medium line = 15161 matchedText = password...d]",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/bundle.jsView on unpkg · L15161
2961sourceCode = this.opts.code.process(sourceCode, sch); L2962: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2963: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bundle.jsView on unpkg · L2961

Findings

3 Medium5 Low
MediumSecret Patterndist/bundle.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/bundle.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings