registry  /  netsuite-supermcp  /  0.1.22

netsuite-supermcp@0.1.22

A NetSuite MCP server with OAuth, REST/RESTlet tools, client installers, and account permission probes.

AI Security Review

scanned 46m ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time attack surface. The package exposes user-invoked NetSuite MCP setup, OAuth, public tunnel, SuiteCloud deploy, and MCP client installer capabilities.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install prints postinstall hints; runtime actions require explicit CLI commands such as netsuite-supermcp install, setup, public-url, or suitecloud --deploy
Impact
Can modify selected local MCP client configs and create .env only after explicit user command; can start tunnels/download support tools for explicit public URL or deploy workflows.
Mechanism
user-invoked MCP server/client setup and NetSuite integration tooling
Rationale
The only install-time hook is a benign informational postinstall, while agent config writes, tunnels, package-manager/JDK downloads, and SuiteCloud deployment are explicit user-command workflows aligned with the NetSuite MCP package purpose. Under the policy, explicit user-command agent setup without exfiltration or stealth persistence is not malicious.
Evidence
package.jsonbin/postinstall.mjsbin/netsuite-supermcp.mjsbin/netsuite-supermcp-setup.mjsscripts/install-clients.tsscripts/client-installer/targets.tsscripts/client-installer/config.tsscripts/client-installer/io.tsscripts/public-url.tsscripts/suitecloud-project.ts~/.codex/config.toml.mcp.json~/.cursor/mcp.json~/.gemini/settings.json~/.config/opencode/mcp.json.vscode/mcp.json.env.netsuite-supermcp-suitecloud/
Network endpoints1
api.adoptium.net/v3/binary/latest/21/ga/windows/x64/jdk/hotspot/normal/eclipse?project=jdk

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json has postinstall lifecycle script
  • scripts/install-clients.ts can write MCP configs for Codex/Claude/Cursor/Gemini/etc when explicitly run
  • scripts/public-url.ts can download/run ngrok for an explicit public-url command
  • scripts/suitecloud-project.ts can invoke npx SuiteCloud CLI and download a Windows JDK when explicitly deploying
Evidence against
  • bin/postinstall.mjs only prints usage hints and exits on quiet env; no file writes or network
  • Agent/client config mutation is behind explicit netsuite-supermcp install/setup target selection, not install-time
  • CLI child_process calls dispatch local Bun scripts or documented tools from user commands
  • Network endpoints are package-aligned: NetSuite OAuth/REST, ngrok tunnel, Adoptium JDK, Oracle SuiteCloud CLI
  • No credential harvesting or exfiltration beyond user-provided NetSuite/OAuth env embedded into chosen local MCP client configs
  • No obfuscated payloads, eval/vm, native binary loading, or import-time execution found
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 61 file(s), 239 KB of source, external domains: 1234567-sb1.restlets.api.netsuite.com, 1234567-sb1.suitetalk.api.netsuite.com, 127.0.0.1, api.adoptium.net, bin.equinox.io, bun.sh, dashboard.ngrok.com, docs.oracle.com, system.netsuite.com

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.postinstall = node ./bin/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./bin/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/netsuite-supermcp-switch-account.mjsView file
1#!/usr/bin/env node L2: import { spawnSync } from "node:child_process" L3: import { dirname, join } from "node:path"
High
Child Process

Package source references child process execution.

bin/netsuite-supermcp-switch-account.mjsView on unpkg · L1
scripts/public-url.tsView file
254const result = spawnSync( L255: "powershell.exe", L256: [
High
Shell

Package source references shell execution.

scripts/public-url.tsView on unpkg · L254
scripts/smoke.tsView file
1import { type ChildProcess, spawn } from "node:child_process" L2: import { rm } from "node:fs/promises" ... L6: const SmokeConfigSchema = z.object({ L7: baseUrl: z.string().url().default("http://127.0.0.1:3125"), L8: token: z.string().min(12).default("test-token-12345"), ... L11: const config = SmokeConfigSchema.parse({ L12: baseUrl: process.env["SMOKE_BASE_URL"], L13: token: process.env["MCP_BEARER_TOKEN"],
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

scripts/smoke.tsView on unpkg · L1
bin/netsuite-supermcp-setup.mjsView file
1#!/usr/bin/env node L2: import { spawnSync } from "node:child_process" L3: import { dirname, join } from "node:path" ... L8: encoding: "utf8", L9: shell: process.platform === "win32", L10: }) ... L12: console.error("NetSuite SuperMCP setup needs Bun.") L13: console.error("Install Bun: https://bun.sh/docs/installation") L14: console.error("Then rerun: netsuite-supermcp setup")
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/netsuite-supermcp-setup.mjsView on unpkg · L1
scripts/suitecloud-project.tsView file
matchType = previous_version_dangerous_delta matchedPackage = netsuite-supermcp@0.1.19 matchedIdentity = npm:bmV0c3VpdGUtc3VwZXJtY3A:0.1.19 similarity = 0.825 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/suitecloud-project.tsView on unpkg
66console.log("") L67: console.log("This uses npx for Oracle SuiteCloud CLI and manages a portable JDK on Windows.") L68: } ... L71: function ensureSuiteCloudJavaEnv(): NodeJS.ProcessEnv { L72: const java = spawnSync("java", ["-version"], { L73: encoding: "utf8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/suitecloud-project.tsView on unpkg · L66
setup.shView file
path = setup.sh kind = build_helper sizeBytes = 1116 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

setup.shView on unpkg

Findings

1 Critical6 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltascripts/suitecloud-project.ts
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/netsuite-supermcp-switch-account.mjs
HighShellscripts/public-url.ts
HighSame File Env Network Executionscripts/smoke.ts
HighSandbox Evasion Gated Capabilitybin/netsuite-supermcp-setup.mjs
HighRuntime Package Installscripts/suitecloud-project.ts
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpersetup.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings