registry  /  memgit-mcp  /  0.1.2

memgit-mcp@0.1.2

memgit MCP server — run as npx memgit-mcp. Git for AI memory.

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.67 KB of source, external domains: python.org

Source & flagged code

1 flagged · loading source
bin/memgit-mcp.jsView file
9L10: import { execFileSync, spawn } from "node:child_process"; L11: import { existsSync, mkdirSync } from "node:fs"; ... L14: L15: const VENV = join(homedir(), ".memgit-npm-venv"); L16: const PIP = join(VENV, process.platform === "win32" ? "Scripts/pip" : "bin/pip"); L17: const MEMGIT = join(VENV, process.platform === "win32" ? "Scripts/memgit" : "bin/memgit"); ... L28: } L29: throw new Error("Python 3.11+ not found. Install from https://python.org/downloads"); L30: } ... L32: if (!existsSync(MEMGIT)) { L33: process.stderr.write("[memgit-mcp] First run: installing memgit...\n");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/memgit-mcp.jsView on unpkg · L9

Findings

1 High2 Low
HighSandbox Evasion Gated Capabilitybin/memgit-mcp.js
LowFilesystem
LowUrl Strings