registry  /  maple-auction-mcp  /  0.7.2

maple-auction-mcp@0.7.2

메이플스토리 경매장을 AI로 검색하는 MCP 서버

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Runtime starts a detached localhost WebSocket broker. It accepts unauthenticated origin-less local clients and relays their command objects to a connected Chrome extension; package MCP tools use the bridge for authenticated Maple auction operations.

Static reason
One or more suspicious static signals were detected.
Trigger
Running the `maple-auction-mcp` MCP executable.
Impact
A separate local process could potentially send commands through the connected browser extension and act in its authenticated session.
Mechanism
Unauthenticated localhost Chrome-extension command relay.
Rationale
The package is feature-aligned and lacks malicious install hooks, but its automatically started localhost broker exposes a meaningful unauthenticated bridge to a browser extension and authenticated game-session actions.
Evidence
package.jsondist/index.jsdist/broker.jsREADME.md
Network endpoints3
ws://127.0.0.1:29171api.mskr.nexon.com/v1api.maplescouter.com

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` starts a detached local broker automatically.
  • `dist/broker.js` listens on `127.0.0.1:29171` and accepts origin-less clients.
  • Broker forwards arbitrary client command objects to connected Chrome extensions.
  • Authenticated Nexon requests are delegated through the extension bridge.
Evidence against
  • `package.json` has no install/postinstall lifecycle hook.
  • No package code writes agent configuration or harvests local files.
  • Network URLs are Maple/Nexon APIs and Maplescouter, matching stated auction features.
  • `child_process.spawn` only launches the package-owned `dist/broker.js`.
  • Dynamic `Function` is bundled AJV validator code, not a payload loader.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 1.05 MB of source, external domains: api.maplescouter.com, api.mskr.nexon.com, auction.maplestory.nexon.com, chromewebstore.google.com, github.com, json-schema.org, maplescouter.com, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

Source & flagged code

3 flagged · loading source
dist/index.jsView file
16706// src/bridge.ts L16707: import { spawn } from "node:child_process"; L16708: import { fileURLToPath } from "node:url";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L16706
54Cross-file remote execution chain: dist/index.js spawns dist/broker.js; helper contains network access plus dynamic code execution. L54: kStatusCode: Symbol("status-code"), L55: kWebSocket: Symbol("websocket"), L56: NOOP: () => { ... L107: } else { L108: buf = Buffer.from(data); L109: toBuffer.readOnly = false; ... L119: }; L120: if (!process.env.WS_NO_BUFFER_UTIL) { L121: try { ... L171: * L172: * @private L173: */
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L54
6627sourceCode = this.opts.code.process(sourceCode, sch); L6628: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L6629: const validate = makeValidate(this, this.scope.get());
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L6627

Findings

3 High1 Medium6 Low
HighChild Processdist/index.js
HighShell
HighCross File Remote Execution Contextdist/index.js
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings