registry  /  klypix-mcp  /  1.19.0

klypix-mcp@1.19.0

An open, local-first, agent-neutral canvas file your AI reads and writes over MCP — works with Claude, Cursor, Cline, any model.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package exposes deliberate MCP/A2A tools and explicit install/link commands that manage local KLYPIX brain files and agent configuration.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs klypix-mcp server or explicit commands such as install, link, init, doctor, or calls MCP tools.
Impact
Can write local brain/canvas/config files by design; no unconsented lifecycle execution or exfiltration found.
Mechanism
local canvas/agent-memory tooling with user-invoked config and hook installation
Rationale
Static inspection shows powerful local agent-memory and hook functionality, but it is activated by explicit user commands or MCP tool calls and is consistent with the package description. No lifecycle execution, stealth persistence, credential harvesting, external exfiltration, or hidden destructive behavior was found.
Evidence
package.jsonindex.mjsbin/klypix-mcp.mjsbin/klypix-install.mjsbin/klypix-link.mjsbin/klypix-doctor.mjssrc/agent-rules.mjssrc/global-brain-hook.mjssrc/klypix-core.mjsbrain.klypix.claude/brain-brief.md.claude/brain-capture-state.json.claude/brain-capture-log.jsonlAGENTS.md.cursor/mcp.json.cursor/rules/klypix-brain.mdc.vscode/mcp.json~/.claude/settings.json~/.claude/project-brain
Network endpoints4
registry.npmjs.org/klypix-mcp/latest127.0.0.1:41241klypix.comgithub.com/dahshanlabs/klypix-mcp

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • bin/klypix-install.mjs explicitly writes ~/.claude/project-brain and ~/.claude/settings.json hooks when user runs install.
  • src/agent-rules.mjs writes project agent rule/MCP files when user runs link.
  • src/global-brain-hook.mjs can read hook input/transcripts and write local brain/log/cache files after install.
  • src/global-brain-hook.mjs and doctor paths can query npm version from registry/npm CLI.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • index.mjs only re-exports src/klypix-format.mjs; no import-time hook/config mutation.
  • bin/klypix-mcp.mjs dispatches install/link/doctor/init only via explicit CLI args; otherwise starts an MCP server.
  • Network use is package-aligned version checking or local A2A server; no credential/file exfiltration endpoint found.
  • Writes are local-first brain/canvas, MCP config, and agent instruction files matching documented package purpose.
  • No obfuscated payload, eval/vm/Function, binary loading, or destructive filesystem behavior found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 416 KB of source, external domains: klypix.com, registry.npmjs.org

Source & flagged code

3 flagged · loading source
src/klypix-core.mjsView file
158let t; L159: try { t = await import('@huggingface/transformers'); } L160: catch {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/klypix-core.mjsView on unpkg · L158
8// L9: // where Block is { kind:'text', text } or { kind:'image', data(base64), mime, name }. L10: // ... L53: export function resolveVault(explicit) { L54: return path.resolve(explicit || process.env.KLYPIX_VAULT || path.join(os.homedir(), 'Documents')); L55: } ... L264: const ext = p.split('.').pop().toLowerCase(); L265: blocks.push({ kind: 'image', data: b64, mime: IMG_MIME[ext] || 'image/png', name: p }); L266: included++;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

src/klypix-core.mjsView on unpkg · L8
bin/klypix-mcp.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = klypix-mcp@1.18.1 matchedIdentity = npm:a2x5cGl4LW1jcA:1.18.1 similarity = 0.875 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/klypix-mcp.mjsView on unpkg

Findings

1 Critical3 Medium5 Low
CriticalPrevious Version Dangerous Deltabin/klypix-mcp.mjs
MediumDynamic Requiresrc/klypix-core.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptosrc/klypix-core.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings