
novada-mcp@0.9.3

One MCP server for all web data. Search, scrape, crawl, proxy, and AI research in one install.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 75 file(s), 965 KB of source, external domains: api-m.novada.com, api.novada.com, dashboard.novada.com, developer-api.novada.com, docs.example.com, example.com, github.com, scraper.novada.com, status.novada.com, web.archive.org, webunlocker.novada.com, www.novada.com

Source & flagged code

8 flagged
build/tools/proxy.js
patternName = generic_password severity = medium line = 126 matchedText = ` proxy... }`,
Medium
Secret Pattern

Package contains a possible secret pattern.

skills/novada-agent/setup.sh
path = skills/novada-agent/setup.sh kind = build_helper sizeBytes = 493 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

build/tools/types.js
matchType = previous_version_dangerous_delta matchedPackage = novada-mcp@0.9.15 matchedIdentity = npm:bm92YWRhLW1jcA:0.9.15 similarity = 0.781 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

build/tools/proxy_residential.js
patternName = generic_password severity = medium line = 124 matchedText = ` proxy... }`,
Medium
Secret Pattern

Hardcoded password in build/tools/proxy_residential.js

build/tools/proxy_account_create.js
patternName = generic_password severity = medium line = 87 matchedText = password...**",
Medium
Secret Pattern

Hardcoded password in build/tools/proxy_account_create.js

build/tools/proxy_mobile.js
patternName = generic_password severity = medium line = 127 matchedText = ` proxy... }`,
Medium
Secret Pattern

Hardcoded password in build/tools/proxy_mobile.js

build/tools/proxy_datacenter.js
patternName = generic_password severity = medium line = 115 matchedText = ` proxy... }`,
Medium
Secret Pattern

Hardcoded password in build/tools/proxy_datacenter.js

build/tools/proxy_isp.js
patternName = generic_password severity = medium line = 117 matchedText = ` proxy... }`,
Medium
Secret Pattern

Hardcoded password in build/tools/proxy_isp.js


Findings

1 High, 10 Medium, 5 Low
High · Previous Version Dangerous Delta · build/tools/types.js
Medium · Secret Pattern · build/tools/proxy.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · skills/novada-agent/setup.sh
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · build/tools/proxy_residential.js
Medium · Secret Pattern · build/tools/proxy_account_create.js
Medium · Secret Pattern · build/tools/proxy_mobile.js
Medium · Secret Pattern · build/tools/proxy_datacenter.js
Medium · Secret Pattern · build/tools/proxy_isp.js
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings