registry  /  mcp-user-system  /  1.0.1

mcp-user-system@1.0.1

MCP server for token-user-system — wallet operations via Model Context Protocol

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs the `mcp-user-system-install` bin, then launches the configured MCP server.
Impact
Adds an MCP server entry and persists the user-entered backend URL and access token in local MCP configuration.
Mechanism
Explicit MCP configuration mutation and authenticated wallet API requests.
Rationale
Source inspection found no malicious install hook or covert execution chain. The package still warrants a warning because an explicit installer persists credentials and registers an MCP command in an AI client configuration.
Evidence
package.jsoninstall.cjsdist/index.jsdist/env.jsdist/tools/wallet.js

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `install.cjs` explicitly writes a `user-system` entry into Claude Desktop MCP configuration.
  • The installer stores caller-supplied `TUS_BASE_URL` and `TUS_ACCESS_TOKEN` in that MCP configuration.
  • `dist/tools/wallet.js` sends the configured token as a Bearer header to the caller-configured base URL.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • Configuration mutation occurs only when the separate `mcp-user-system-install` CLI is run interactively.
  • Runtime exposes fixed wallet-read tools over stdio; no shell execution, dynamic code loading, or hidden network host is present.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 10.3 KB of source, external domains: api.example.com

Source & flagged code

1 flagged · loading source
dist/tools/wallet.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/tools/wallet.js` sends the configured token as a Bearer header to the caller-configured base URL.

dist/tools/wallet.jsView on unpkg

Findings

5 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidencedist/tools/wallet.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings