registry  /  fractascan-mcp  /  0.1.19

fractascan-mcp@0.1.19

Model Context Protocol server exposing Fracta scan tools (passive_scan, scan_repo, …)

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package exposes an explicit MCP security scanner with user-invoked network scans, repo reads, report writes, and optional external scanner/LLM integrations.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs fracta-mcp as an MCP server and invokes tools such as passive_scan, scan_repo, verify_consent, or scan_target.
Impact
Expected scanner behavior: sends probes to chosen targets, reads chosen repos, and writes local reports/state; no unconsented install/import-time attack behavior found.
Mechanism
MCP security scanning of user-supplied URLs, repos, and configured targets
Rationale
Source inspection shows a user-invoked MCP scanner with no lifecycle hooks, no stealth persistence, no credential exfiltration, and no unconsented agent control-surface mutation. Suspicious primitives are package-aligned security scanning capabilities rather than malicious behavior.
Evidence
package.jsonREADME.mddist/index.jsdist/chunk-U24RMSTQ.js./fracta-state.dbfracta-reports/*user-supplied repo path for read-only scanningtemporary gitleaks report directory under OS tmp
Network endpoints5
fracta.prozap-api.techgithub.com/andersongadelhaadv-cmyk/fractauser-supplied http(s) targetsAnthropic API via SDK when FRACTA_LLM=1

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js starts an MCP server/bin and registers scan tools that can make HTTP requests to user-supplied targets.
  • dist/index.js scan_repo reads a user-supplied local path and writes reports/state to fracta-reports/fracta-state.db when invoked.
  • dist/chunk-U24RMSTQ.js can spawn gitleaks/semgrep for explicit repo scanning; this is scanner-aligned behavior.
  • dist/index.js optionally calls Anthropic only when FRACTA_LLM=1 and ANTHROPIC_API_KEY is set.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • README.md documents the package as an MCP security/LGPD scanner and shows explicit MCP client configuration.
  • Network use is directed at user-provided URLs or package-aligned promo/docs URLs; no hardcoded exfiltration endpoint was found.
  • Credential strings are test inputs, target auth from targets.yaml, or env-configured API keys for opt-in LLM enrichment; no harvesting loop was found.
  • No AI-agent config mutation or broad control-surface writes were found in inspected package files.
  • Dynamic import is limited to local bundled modules for runtime verifier/formatters and Anthropic SDK wrapper.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
WildcardDependency
scanned 9 file(s), 699 KB of source, external domains: api.anthropic.com, app.seu-dominio.com, cve.mitre.org, cwe.mitre.org, datatracker.ietf.org, developer.mozilla.org, docs.anthropic.com, docs.expo.dev, docs.nestjs.com, docs.stripe.com, evil.com, exemplo.com.br, fracta.pro, github.com, json.schemastore.org, meuapp.com.br, owasp.org, platform.claude.com, semgrep.dev, supabase.com, www.gov.br, www.prisma.io, zap-api.tech

Source & flagged code

5 flagged · loading source
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = fractascan-mcp@0.1.3 matchedIdentity = npm:ZnJhY3Rhc2Nhbi1tY3A:0.1.3 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
1234patternName = generic_password severity = medium line = 1234 matchedText = const bo..." };
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L1234
2111patternName = generic_password severity = medium line = 2111 matchedText = body: { ..." },
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L2111
4240patternName = generic_password severity = medium line = 4240 matchedText = password...99",
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L4240
55title: "CSP com 'unsafe-eval' em script-src", L56: detail: "'unsafe-eval' reabre eval()/new Function()/setTimeout(string) \u2014 amplia a superf\xEDcie de XSS.", L57: recommendation: "Remova 'unsafe-eval' e refatore o c\xF3digo que depende de eval/Function din\xE2micos."
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L55

Findings

1 High6 Medium6 Low
HighPrevious Version Dangerous Deltadist/index.js
MediumSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.js
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings