AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The CLI performs filesystem and network actions only for explicit build, marketplace, and game-addon commands.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs mbler login, publish, install, uninstall, or build commands.
Impact
User-selected package archives may be downloaded to the configured Minecraft game directory; no silent install-time action is present.
Mechanism
Explicit PMNX marketplace publishing/installing and Minecraft addon deployment.
Rationale
Static inspection shows a user-invoked Minecraft addon build/marketplace CLI, not covert execution or exfiltration. Scanner signals map to documented marketplace authentication, package download, and build subprocess behavior.
Evidence
package.jsonbin/mbler.cjsbin/mcx-tsc.cjsdist/index.mjsdist/build.mjsREADME.md
Network endpoints2
d.pmnx.qzz.ioregistry.npmjs.com
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall, install, postinstall, or prepare hook.
- bin/mbler.cjs only starts the exported CLI; bin/mcx-tsc.cjs runs the package build entry.
- dist/index.mjs sends its stored PMNX token only during explicit login, publish, unpublish, or profile flows.
- dist/index.mjs downloads and extracts marketplace add-ons only via the explicit install command.
- No eval, vm, shell downloader, credential-file harvesting, AI-agent config mutation, or import-time network call found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•name = mbler; similarTo = multer
Medium
Typosquat Name
Package name is suspiciously similar to a popular package name.
package.jsonView on unpkgbin/mbler.cjsView file
1#!/usr/bin/env node
L2: const mbler = require('./../dist')
L3:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/mbler.cjsView on unpkg · L1Findings
4 Medium4 Low
MediumTyposquat Namepackage.json
MediumDynamic Requirebin/mbler.cjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings