registry  /  mcp-efficiency-engine  /  0.1.5

mcp-efficiency-engine@0.1.5

Motor de orquestacion para agentes MCP con routing por dominio y bootstrap portable.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Automatic npm postinstall mutates the consuming project's AI-agent configuration surface. It drops `.vscode/mcp.json` and `AGENTS.md`, then configures a repository post-commit hook when applicable.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install of `mcp-efficiency-engine@0.1.5`
Impact
Can cause an AI-enabled editor to discover package-selected MCP servers and changes future repository commit behavior.
Mechanism
postinstall scaffolding of foreign MCP instructions and Git hook configuration
Policy narrative
On npm install, `postinstall` runs `bin/install-host.js` against `INIT_CWD` or the current directory. Before any explicit user CLI command, it copies package-controlled `.vscode/mcp.json` and `AGENTS.md` into the consuming project and, for a Git repository, sets its local hooks path to package-provided `.githooks`. This is an unconsented install-time mutation of a foreign AI-agent control surface, regardless of the package's stated onboarding purpose.
Rationale
Source inspection confirms a concrete automatic postinstall control-surface write into the host project. This meets the firewall block policy for unconsented npm lifecycle mutation of foreign/broad AI-agent configuration.
Evidence
package.jsonbin/install-host.js.vscode/mcp.jsonscripts/setup/install-project-hooks.ps1.githooks/post-commitAGENTS.md

Decision evidence

public snapshot
AI called this Malicious at 96.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • `package.json` runs `postinstall` automatically.
  • `bin/install-host.js` targets `INIT_CWD` or `process.cwd()`, i.e. the consuming project.
  • Postinstall copies package `.vscode/mcp.json` and `AGENTS.md` into that project.
  • `.vscode/mcp.json` registers six package-selected MCP server commands.
  • Postinstall invokes `scripts/setup/install-project-hooks.ps1`, which sets local `core.hooksPath=.githooks`.
  • Existing differing files are preserved unless `--force`, but absent control files are created without consent.
Evidence against
  • No credential harvesting or exfiltration was found in inspected lifecycle files.
  • The lifecycle path skips interactive bootstrap when stdin is non-TTY.
  • The dropped MCP configuration uses local command names rather than embedded remote URLs.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 14.1 KB of source

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./bin/install-host.js --postinstall
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./bin/install-host.js --postinstall
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/install-host.jsView file
1Install-time AI-agent control hijack evidence: L27: "tooling", L28: "AGENTS.md", L29: "ARCHITECTURE.md", ... L148: function ensureDir(dirPath) { L149: fs.mkdirSync(dirPath, { recursive: true }); L150: } ... L163: L164: fs.copyFileSync(sourcePath, targetPath); L165: return { copied: true, skipped: false, reason: "copied" }; Payload evidence from AGENTS.md: L1: <!-- markdownlint-disable MD013 --> L2:
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

bin/install-host.jsView on unpkg · L1
scripts/context/build-repomix.ps1View file
path = scripts/context/build-repomix.ps1 kind = build_helper sizeBytes = 64 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/context/build-repomix.ps1View on unpkg

Findings

1 Critical1 High4 Medium2 Low
CriticalAi Agent Control Hijackbin/install-host.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Build Helperscripts/context/build-repomix.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem