registry  /  mcp-efficiency-engine  /  0.1.6

mcp-efficiency-engine@0.1.6

Motor de orquestacion para agentes MCP con routing por dominio y bootstrap portable.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Automatic npm postinstall scaffolds package-controlled files into the consuming project. This includes a VS Code MCP control configuration that launches package scripts.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install or dependency installation
Impact
Can alter the host project's AI-agent tool configuration without an explicit user command.
Mechanism
postinstall copies AI-agent/MCP configuration and executable scaffolding into `INIT_CWD`
Policy narrative
Installing the package invokes its postinstall script. The installer targets the consumer working directory and recursively copies a broad scaffold that includes `.vscode/mcp.json`; that file configures MCP servers and invokes package-provided PowerShell launch scripts using `-ExecutionPolicy Bypass`. Existing files are preserved absent `--force`, but absent files are created automatically. This is an unconsented install-time mutation of a foreign project AI-agent control surface.
Rationale
Source inspection confirms the scanner's core finding: the package performs automatic postinstall writes into the consumer project, including MCP configuration. The absence of an observed exfiltration payload does not remove the concrete AI-agent control-surface hijack risk.
Evidence
package.jsonbin/install-host.js.vscode/mcp.jsonbin/mcpee.jsscripts/ops/install-terminal-telemetry-hook.ps1.github.githooksAGENTS.mdscripts

Decision evidence

public snapshot
AI called this Malicious at 96.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • `package.json` runs `node ./bin/install-host.js --postinstall` automatically on install.
  • `bin/install-host.js` defaults its target to `INIT_CWD`/current directory and copies scaffold entries during postinstall.
  • The scaffold list includes `.vscode`, `.github`, `.githooks`, `AGENTS.md`, and package-supplied scripts.
  • `.vscode/mcp.json` registers MCP servers and launches package-supplied PowerShell scripts with execution-policy bypass.
  • The postinstall path copies these foreign-project AI-agent control files before its noninteractive early return.
Evidence against
  • No obfuscated payload, `eval`, VM execution, or dynamic remote-code loading was found.
  • LangSmith publishing is guarded by enabled configuration plus an API key and project.
  • Terminal telemetry hook installation is exposed through explicit `observe-on`, not invoked by the postinstall path.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 16.2 KB of source

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./bin/install-host.js --postinstall
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./bin/install-host.js --postinstall
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/install-host.jsView file
1Install-time AI-agent control hijack evidence: L27: "tooling", L28: "AGENTS.md", L29: "ARCHITECTURE.md", ... L148: function ensureDir(dirPath) { L149: fs.mkdirSync(dirPath, { recursive: true }); L150: } ... L163: L164: fs.copyFileSync(sourcePath, targetPath); L165: return { copied: true, skipped: false, reason: "copied" }; Payload evidence from AGENTS.md: L1: <!-- markdownlint-disable MD013 --> L2:
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

bin/install-host.jsView on unpkg · L1
scripts/context/build-repomix.ps1View file
path = scripts/context/build-repomix.ps1 kind = build_helper sizeBytes = 64 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/context/build-repomix.ps1View on unpkg

Findings

1 Critical1 High4 Medium2 Low
CriticalAi Agent Control Hijackbin/install-host.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Build Helperscripts/context/build-repomix.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem