novada-mcp@0.8.10

One MCP server for all web data. Search, scrape, crawl, proxy, and AI research in one install.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package exposes user-invoked MCP tools for web search, extraction, crawling, proxies, browser automation, and account management, aligned with its manifest and README.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.
Trigger
User starts the novada/novada-mcp CLI or invokes an MCP tool with credentials and target parameters.
Impact
Can contact Novada APIs and user-specified web targets, return proxy credentials masked in output, and save fetched content to Downloads; no unconsented install/import behavior found.
Mechanism
User-directed web/API client with local output saving
Rationale
Static source inspection shows a web data MCP client with network and proxy capabilities that are explicit package functionality and activated by user tool calls. I found no install-time/import-time exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface mutation.
Evidence
package.json, build/index.js, build/config.js, build/utils/credentials.js, build/utils/output.js, build/tools/site_copy.js, build/tools/proxy.js, skills/novada-agent/setup.sh, ~/Downloads/novada-mcp
Network endpoints (6)
scraper.novada.com, api.novada.com/g/api/proxy, scraperapi.novada.com, webunlocker.novada.com, api-m.novada.com, wss://upg-scbr2.novada.com

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • User-invoked tools can fetch arbitrary URLs and write extracted output under ~/Downloads/novada-mcp (build/tools/site_copy.js, build/utils/output.js).
  • Proxy/account tools read NOVADA_* credentials and call Novada management/API hosts when invoked (build/utils/credentials.js, build/_core/developer_api.js).
Evidence against
  • package.json lifecycle hooks are build/test-only; prepare runs npm run build and prepublishOnly blocks local .env before publishing.
  • Entrypoint build/index.js starts an MCP stdio server; no install-time credential harvesting or persistence found.
  • Network endpoints are Novada service APIs or user-supplied URLs for the package's declared search/scrape/crawl/proxy purpose.
  • Filesystem writes are bounded to generated outputs under ~/Downloads/novada-mcp with filename sanitization/path checks.
  • skills/novada-agent/setup.sh only prints setup guidance; no downloads, shell execution, or file mutation.
  • No child_process, eval/vm/Function, native binary loading, destructive commands, or AI-agent config mutation found in inspected files.
Behavioral surface
Source: Child Process, Crypto, Environment Vars, Filesystem, Network
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 75 file(s), 850 KB of source, external domains: api-m.novada.com, api.novada.com, dashboard.novada.com, developer-api.novada.com, docs.example.com, example.com, github.com, scraper.novada.com, scraperapi.novada.com, status.novada.com, web.archive.org, webunlocker.novada.com, www.novada.com

Source & flagged code

8 flagged

build/tools/proxy.js
patternName = generic_password severity = medium line = 124 matchedText = ` proxy... }`,
Medium · Secret Pattern

Package contains a possible secret pattern.

skills/novada-agent/setup.sh
path = skills/novada-agent/setup.sh kind = build_helper sizeBytes = 493 magicHex = [redacted]
Medium · Ships Build Helper

Package ships non-JavaScript build or shell helper files.

build/tools/site_copy.js
matchType = previous_version_dangerous_delta matchedPackage = novada-mcp@0.8.9 matchedIdentity = npm:bm92YWRhLW1jcA:0.8.9 similarity = 0.945 summary = stored previous version shares package body but lacks this dangerous source file
Critical · Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

build/tools/proxy_residential.js
patternName = generic_password severity = medium line = 124 matchedText = ` proxy... }`,
Medium · Secret Pattern

Hardcoded password in build/tools/proxy_residential.js

build/tools/proxy_account_create.js
patternName = generic_password severity = medium line = 87 matchedText = password...**",
Medium · Secret Pattern

Hardcoded password in build/tools/proxy_account_create.js

build/tools/proxy_mobile.js
patternName = generic_password severity = medium line = 127 matchedText = ` proxy... }`,
Medium · Secret Pattern

Hardcoded password in build/tools/proxy_mobile.js

build/tools/proxy_datacenter.js
patternName = generic_password severity = medium line = 115 matchedText = ` proxy... }`,
Medium · Secret Pattern

Hardcoded password in build/tools/proxy_datacenter.js

build/tools/proxy_isp.js
patternName = generic_password severity = medium line = 117 matchedText = ` proxy... }`,
Medium · Secret Pattern

Hardcoded password in build/tools/proxy_isp.js

Findings

1 Critical · 10 Medium · 5 Low
  • Critical · Previous Version Dangerous Delta · build/tools/site_copy.js
  • Medium · Secret Pattern · build/tools/proxy.js
  • Medium · Network
  • Medium · Environment Vars
  • Medium · Ships Build Helper · skills/novada-agent/setup.sh
  • Medium · Structural Risk Force Deep Review
  • Medium · Secret Pattern · build/tools/proxy_residential.js
  • Medium · Secret Pattern · build/tools/proxy_account_create.js
  • Medium · Secret Pattern · build/tools/proxy_mobile.js
  • Medium · Secret Pattern · build/tools/proxy_datacenter.js
  • Medium · Secret Pattern · build/tools/proxy_isp.js
  • Low · Non Install Lifecycle Scripts
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings