AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package runs an MCP server that bridges user-invoked MapleStory auction queries through a localhost WebSocket broker and Chrome extension.
Static reason
One or more suspicious static signals were detected.
Trigger
User explicitly runs the bin or configures it as an MCP server
Impact
Package-aligned auction search and wishlist actions; no credential harvesting, persistence, or unconsented agent config mutation observed
Mechanism
local MCP-to-browser-extension bridge for auction API requests
Rationale
Static inspection shows a package-aligned MCP bridge with explicit runtime network activity and no install-time mutation, exfiltration, destructive behavior, or remote payload execution. The child_process and WebSocket primitives are used to start and communicate with the local broker needed for the documented Chrome-extension workflow.
Evidence
package.jsonREADME.mddist/index.jsdist/broker.jsdist/maple_knowledge.md
Network endpoints6
ws://127.0.0.1:29171api.mskr.nexon.com/v1api.mskr.nexon.com/v1/market/web/itemsapi.maplescouter.comchromewebstore.google.com/detail/maple-auction-mcp/mdjabnokhboicgecmpnggabjfimelfjnauction.maplestory.nexon.com
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/index.js imports child_process.spawn to start dist/broker.js when the local bridge is unavailable
- dist/broker.js exposes a localhost WebSocket broker on 127.0.0.1:29171 for MCP client and Chrome extension messages
- MCP tools can POST/DELETE Nexon wishlist entries when explicitly invoked via add_wishlist/remove_wishlist
Evidence against
- package.json has no install/preinstall/postinstall hooks; only prepublishOnly build script
- dist/index.js runtime is an MCP stdio server for MapleStory auction search and related user tools
- Network use is package-aligned: Nexon Maple auction APIs and maplescouter API; no unrelated exfil endpoint found
- File access is limited to bundled dist/maple_knowledge.md via readFileSync; no writes to agent configs or user files found
- README documents explicit MCP setup commands rather than automatic AI-agent control-surface mutation
- Scanner eval/dynamic findings are bundled dependencies and schema libraries, not package payload execution
Behavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
16706// src/bridge.ts
L16707: import { spawn } from "node:child_process";
L16708: import { fileURLToPath } from "node:url";
High
54Cross-file remote execution chain: dist/index.js spawns dist/broker.js; helper contains network access plus dynamic code execution.
L54: kStatusCode: Symbol("status-code"),
L55: kWebSocket: Symbol("websocket"),
L56: NOOP: () => {
...
L107: } else {
L108: buf = Buffer.from(data);
L109: toBuffer.readOnly = false;
...
L119: };
L120: if (!process.env.WS_NO_BUFFER_UTIL) {
L121: try {
...
L171: *
L172: * @private
L173: */
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L546627sourceCode = this.opts.code.process(sourceCode, sch);
L6628: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
L6629: const validate = makeValidate(this, this.scope.get());
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L6627Findings
3 High1 Medium6 Low
HighChild Processdist/index.js
HighShell
HighCross File Remote Execution Contextdist/index.js
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings