registry  /  fractascan-mcp  /  0.1.1

fractascan-mcp@0.1.1

Model Context Protocol server exposing Fracta scan tools (passive_scan, scan_repo, …)

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked MCP security scanner with network and repo scanning capabilities aligned with its README and tool descriptions.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the fracta-mcp bin as an MCP server and invokes tools
Impact
Can contact user-supplied targets, read selected repository files, run gitleaks, and save local scan reports/state when tools are invoked
Mechanism
MCP scanner for URLs, configured targets, and local repositories
Rationale
Static inspection found powerful scanner behavior, but it is documented, user-invoked through MCP tools, and not delivered through install/import-time hooks or foreign agent-control-surface mutation. Optional LLM enrichment and report/state writes are controlled by runtime configuration and package-aligned.
Evidence
package.jsonREADME.mddist/index.jsdist/node-QWZVVGUH.js./fracta-state.db./fracta-reports/*.md./fracta-reports/*.json/tmp/fracta-gitleaks-*
Network endpoints1
api.anthropic.com

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle hooks; only bin fracta-mcp -> dist/index.js
    • dist/index.js starts an MCP stdio server and exposes documented scan tools
    • Network fetches target user-supplied URLs with SSRF validation for passive_scan
    • scan_repo reads a user-supplied/local repo path and runs gitleaks if present
    • Runtime writes are package-aligned reports/state: fracta-reports and fracta-state.db
    • Anthropic API use is opt-in via FRACTA_LLM=1 and ANTHROPIC_API_KEY
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
    Supply chain
    HighEntropyStringsTelemetryUrlStrings
    Manifest
    WildcardDependency
    scanned 5 file(s), 647 KB of source, external domains: api.anthropic.com, app.seu-dominio.com, cve.mitre.org, cwe.mitre.org, datatracker.ietf.org, docs.anthropic.com, docs.expo.dev, docs.nestjs.com, docs.stripe.com, evil.com, exemplo.com.br, fracta.pro, github.com, meuapp.com.br, owasp.org, platform.claude.com, supabase.com, www.gov.br, www.prisma.io

    Source & flagged code

    5 flagged · loading source
    dist/index.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = fractascan-mcp@0.1.0 matchedIdentity = npm:ZnJhY3Rhc2Nhbi1tY3A:0.1.0 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/index.jsView on unpkg
    1682patternName = generic_password severity = medium line = 1682 matchedText = const bo..." };
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index.jsView on unpkg · L1682
    2421patternName = generic_password severity = medium line = 2421 matchedText = body: { ..." },
    Medium
    Secret Pattern

    Hardcoded password in dist/index.js

    dist/index.jsView on unpkg · L2421
    4379patternName = generic_password severity = medium line = 4379 matchedText = password...99",
    Medium
    Secret Pattern

    Hardcoded password in dist/index.js

    dist/index.jsView on unpkg · L4379
    541title: "CSP com 'unsafe-eval' em script-src", L542: detail: "'unsafe-eval' reabre eval()/new Function()/setTimeout(string) \u2014 amplia a superf\xEDcie de XSS.", L543: recommendation: "Remova 'unsafe-eval' e refatore o c\xF3digo que depende de eval/Function din\xE2micos."
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/index.jsView on unpkg · L541

    Findings

    1 High6 Medium6 Low
    HighPrevious Version Dangerous Deltadist/index.js
    MediumSecret Patterndist/index.js
    MediumNetwork
    MediumEnvironment Vars
    MediumWildcard Dependency
    MediumSecret Patterndist/index.js
    MediumSecret Patterndist/index.js
    LowScripts Present
    LowEvaldist/index.js
    LowFilesystem
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings