registry  /  klypix-mcp  /  1.18.0

klypix-mcp@1.18.0

An open, local-first, agent-neutral canvas file your AI reads and writes over MCP — works with Claude, Cursor, Cline, any model.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package exposes MCP/A2A tools for reading and writing local .klypix canvases and optional user-invoked agent-memory installation/linking.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User explicitly runs CLI commands or invokes MCP/A2A tools.
Impact
Can modify project brain/canvas files and agent config when invoked as documented; no install-time execution, credential theft, or exfiltration observed.
Mechanism
Local-first canvas/agent-memory server with user-invoked file writes.
Rationale
Static inspection shows powerful local file and AI-agent configuration features, but they are documented, package-aligned, and activated by explicit CLI/tool use rather than install/import-time abuse. No credential harvesting, covert network exfiltration, destructive behavior, or unconsented lifecycle agent control mutation was found.
Evidence
package.jsonbin/klypix-mcp.mjsbin/klypix-install.mjsbin/klypix-a2a.mjssrc/klypix-core.mjssrc/agent-rules.mjssrc/global-brain-hook.mjsbrain.klypix.claude/brain-capture-state.json.claude/brain-capture-log.jsonlAGENTS.md.cursor/mcp.json.vscode/mcp.json~/.claude/project-brain~/.claude/settings.json
Network endpoints5
klypix.com127.0.0.1:41241/127.0.0.1:41241/.well-known/agent-card.jsonnpm view klypix-mcp versionXenova/all-MiniLM-L6-v2

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle scripts.
    • bin/klypix-mcp.mjs starts an MCP stdio server; write tools operate on user-specified vault/brain files.
    • bin/klypix-install.mjs writes ~/.claude/project-brain and ~/.claude/settings.json only when user runs `klypix-mcp install`.
    • src/agent-rules.mjs writes project agent config/rules only when user runs `klypix-mcp link`; fenced managed blocks are explicit.
    • bin/klypix-a2a.mjs binds HTTP A2A to 127.0.0.1 by default and rejects canvas paths outside the vault.
    • Network activity found is package-aligned/optional: npm version check, local A2A endpoint, optional HuggingFace model import/cache.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 17 file(s), 403 KB of source, external domains: klypix.com, registry.npmjs.org

    Source & flagged code

    3 flagged · loading source
    src/klypix-core.mjsView file
    157let t; L158: try { t = await import('@huggingface/transformers'); } L159: catch {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    src/klypix-core.mjsView on unpkg · L157
    8// L9: // where Block is { kind:'text', text } or { kind:'image', data(base64), mime, name }. L10: // ... L52: export function resolveVault(explicit) { L53: return path.resolve(explicit || process.env.KLYPIX_VAULT || path.join(os.homedir(), 'Documents')); L54: } ... L263: const ext = p.split('.').pop().toLowerCase(); L264: blocks.push({ kind: 'image', data: b64, mime: IMG_MIME[ext] || 'image/png', name: p }); L265: included++;
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    src/klypix-core.mjsView on unpkg · L8
    bin/klypix-mcp.mjsView file
    matchType = previous_version_dangerous_delta matchedPackage = klypix-mcp@1.16.0 matchedIdentity = npm:a2x5cGl4LW1jcA:1.16.0 similarity = 0.813 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    bin/klypix-mcp.mjsView on unpkg

    Findings

    1 Critical3 Medium5 Low
    CriticalPrevious Version Dangerous Deltabin/klypix-mcp.mjs
    MediumDynamic Requiresrc/klypix-core.mjs
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowWeak Cryptosrc/klypix-core.mjs
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings