registry  /  infinitecampus-mcp  /  2.3.5

infinitecampus-mcp@2.3.5

Infinite Campus (Campus Parent) MCP server — multi-district read + message/document write

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 23 file(s), 1.45 MB of source, external domains: github.com, json-schema.org, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, www.anthropic.com, www.safaribooksonline.com, www.w3.org

Source & flagged code

3 flagged · loading source
dist/client.jsView file
270patternName = generic_password severity = medium line = 270 matchedText = password...d)',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/client.jsView on unpkg · L270
dist/bundle.jsView file
38548patternName = generic_password severity = medium line = 38548 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in dist/bundle.js

dist/bundle.jsView on unpkg · L38548
2952sourceCode = this.opts.code.process(sourceCode, sch); L2953: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2954: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bundle.jsView on unpkg · L2952

Findings

4 Medium5 Low
MediumSecret Patterndist/client.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/bundle.js
LowScripts Present
LowEvaldist/bundle.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings