AI Security Review
scanned 2h ago · by lpm-firewall-aiRuntime starts a detached localhost WebSocket broker. It accepts unauthenticated origin-less local clients and relays their command objects to a connected Chrome extension; package MCP tools use the bridge for authenticated Maple auction operations.
Static reason
One or more suspicious static signals were detected.
Trigger
Running the `maple-auction-mcp` MCP executable.
Impact
A separate local process could potentially send commands through the connected browser extension and act in its authenticated session.
Mechanism
Unauthenticated localhost Chrome-extension command relay.
Rationale
The package is feature-aligned and lacks malicious install hooks, but its automatically started localhost broker exposes a meaningful unauthenticated bridge to a browser extension and authenticated game-session actions.
Evidence
package.jsondist/index.jsdist/broker.jsREADME.md
Network endpoints3
ws://127.0.0.1:29171api.mskr.nexon.com/v1api.maplescouter.com
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/index.js` starts a detached local broker automatically.
- `dist/broker.js` listens on `127.0.0.1:29171` and accepts origin-less clients.
- Broker forwards arbitrary client command objects to connected Chrome extensions.
- Authenticated Nexon requests are delegated through the extension bridge.
Evidence against
- `package.json` has no install/postinstall lifecycle hook.
- No package code writes agent configuration or harvests local files.
- Network URLs are Maple/Nexon APIs and Maplescouter, matching stated auction features.
- `child_process.spawn` only launches the package-owned `dist/broker.js`.
- Dynamic `Function` is bundled AJV validator code, not a payload loader.
Behavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index.jsView file
16706// src/bridge.ts
L16707: import { spawn } from "node:child_process";
L16708: import { fileURLToPath } from "node:url";
High
54Cross-file remote execution chain: dist/index.js spawns dist/broker.js; helper contains network access plus dynamic code execution.
L54: kStatusCode: Symbol("status-code"),
L55: kWebSocket: Symbol("websocket"),
L56: NOOP: () => {
...
L107: } else {
L108: buf = Buffer.from(data);
L109: toBuffer.readOnly = false;
...
L119: };
L120: if (!process.env.WS_NO_BUFFER_UTIL) {
L121: try {
...
L171: *
L172: * @private
L173: */
High
Cross File Remote Execution Context
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L546627sourceCode = this.opts.code.process(sourceCode, sch);
L6628: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
L6629: const validate = makeValidate(this, this.scope.get());
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L6627Findings
3 High1 Medium6 Low
HighChild Processdist/index.js
HighShell
HighCross File Remote Execution Contextdist/index.js
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings