
novada-mcp@0.8.9

One MCP server for all web data. Search, scrape, crawl, proxy, and AI research in one install.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is an MCP/CLI client for Novada web data APIs with user-invoked network, proxy, browser, and output-writing features aligned with its description.

Static reason
One or more suspicious static signals were detected.
Trigger
User starts the MCP server/CLI and calls a Novada tool.
Impact
External web/API requests and local result files under Downloads; no unconsented install/import-time behavior found.
Mechanism
User-invoked Novada API client and web data tooling
Rationale
Static inspection shows a feature-rich Novada MCP/CLI package whose suspicious primitives are package-aligned and user-invoked, with no concrete install-time, import-time, exfiltration, persistence, or agent-control mutation behavior. Account/proxy capabilities introduce sensitive functionality but are explicit product features with masking and confirmation gates rather than hidden attack behavior.
Evidence
package.json, build/index.js, build/cli.js, build/config.js, build/utils/credentials.js, build/utils/output.js, build/tools/proxy.js, build/tools/browser.js, build/tools/static_ip_mgmt.js, build/tools/ip_whitelist.js, ~/Downloads/novada-mcp
Network endpoints (6)
scraper.novada.com, api.novada.com/g/api/proxy, scraperapi.novada.com, webunlocker.novada.com, api-m.novada.com, wss://upg-scbr2.novada.com

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Provides proxy/browser/scraping capabilities that can access external sites when user calls MCP tools.
  • build/utils/credentials.js can fetch Novada proxy/browser sub-account credentials from api-m.novada.com using NOVADA_API_KEY.
  • Some tools can write results to ~/Downloads/novada-mcp and account-management tools can perform confirmed write actions.
Evidence against
  • package.json prepare only runs build chmod; prepublishOnly blocks publishing with .env present, no install-time exfiltration found.
  • build/index.js registers MCP tools; behavior is runtime user-invoked, not import-time execution.
  • Network hosts are Novada service endpoints or user-supplied target URLs for advertised search/extract/scrape/proxy features.
  • Secrets are read from Novada env vars and masked in proxy output; no credential harvesting beyond package-aligned auth use found.
  • No child_process, native binary loading, persistence, destructive filesystem behavior, or AI-agent config mutation found.
  • Write/billable management actions inspected require explicit confirm/dry-run style gates.
Behavioral surface
Source
Child Process, Crypto, Environment Vars, Filesystem, Network
Supply chain
High Entropy Strings, Url Strings
Manifest
No manifest risk signals triggered.
scanned 75 file(s), 846 KB of source, external domains: api-m.novada.com, api.novada.com, dashboard.novada.com, developer-api.novada.com, docs.example.com, example.com, github.com, scraper.novada.com, scraperapi.novada.com, status.novada.com, web.archive.org, webunlocker.novada.com, www.novada.com

Source & flagged code

7 flagged

build/tools/proxy.js · L124
Medium · Secret Pattern
Package contains a possible secret pattern.
patternName = generic_password · severity = medium · line = 124 · matchedText = ` proxy... }`,

skills/novada-agent/setup.sh
Medium · Ships Build Helper
Package ships non-JavaScript build or shell helper files.
path = skills/novada-agent/setup.sh · kind = build_helper · sizeBytes = 493 · magicHex = [redacted]

build/tools/proxy_residential.js · L124
Medium · Secret Pattern
Hardcoded password in build/tools/proxy_residential.js
patternName = generic_password · severity = medium · line = 124 · matchedText = ` proxy... }`,

build/tools/proxy_account_create.js · L87
Medium · Secret Pattern
Hardcoded password in build/tools/proxy_account_create.js
patternName = generic_password · severity = medium · line = 87 · matchedText = password...**",

build/tools/proxy_mobile.js · L127
Medium · Secret Pattern
Hardcoded password in build/tools/proxy_mobile.js
patternName = generic_password · severity = medium · line = 127 · matchedText = ` proxy... }`,

build/tools/proxy_datacenter.js · L115
Medium · Secret Pattern
Hardcoded password in build/tools/proxy_datacenter.js
patternName = generic_password · severity = medium · line = 115 · matchedText = ` proxy... }`,

build/tools/proxy_isp.js · L117
Medium · Secret Pattern
Hardcoded password in build/tools/proxy_isp.js
patternName = generic_password · severity = medium · line = 117 · matchedText = ` proxy... }`,

Findings

10 Medium, 5 Low

  • Medium · Secret Pattern · build/tools/proxy.js
  • Medium · Network
  • Medium · Environment Vars
  • Medium · Ships Build Helper · skills/novada-agent/setup.sh
  • Medium · Structural Risk · Force Deep Review
  • Medium · Secret Pattern · build/tools/proxy_residential.js
  • Medium · Secret Pattern · build/tools/proxy_account_create.js
  • Medium · Secret Pattern · build/tools/proxy_mobile.js
  • Medium · Secret Pattern · build/tools/proxy_datacenter.js
  • Medium · Secret Pattern · build/tools/proxy_isp.js
  • Low · Non Install Lifecycle Scripts
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings