registry  /  sens-mcp  /  0.3.0

sens-mcp@0.3.0

A project index for Claude Code — let the model query your codebase instead of reading it all. Saves subscription usage and keeps code clean.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs sens dashboard and clicks Connect to Claude Code, or explicitly runs sens rules/report/index/mcp commands.
Impact
Adds a package-owned MCP server entry and writes local .sens cache/log/report files; no confirmed exfiltration or remote code execution beyond npx invocation of this package.
Mechanism
user-invoked project indexing plus explicit MCP config setup
Rationale
Source inspection supports a package-aligned tool with an explicit user-command MCP config mutation, which is an agent-control-surface lifecycle risk but not malicious under the policy. No concrete exfiltration, install-time mutation, destructive behavior, or staged payload was found.
Evidence
package.jsondist/cli.jsdist/server-YDYSA2YO.jsdist/server-OKFVY3GH.jsdist/chunk-5YINTSQX.jsdist/chunk-DPT26USV.jsREADME.md.mcp.json.sens/index.json.sens/usage.jsonl.sens/report.htmlSENS_RULES.md

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/server-OKFVY3GH.js exposes dashboard POST /api/connect that writes project .mcp.json.
  • dist/server-OKFVY3GH.js sets mcpServers.sens to run npx -y sens-mcp mcp.
  • dist/chunk-DPT26USV.js MCP usage logging appends tool calls to .sens/usage.jsonl.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • dist/cli.js only runs actions from explicit CLI commands; mcp server starts only via sens mcp.
  • dist/server-YDYSA2YO.js registers local MCP tools for project indexing/querying, not credential access or exfiltration.
  • dist/chunk-5YINTSQX.js indexes local source and writes cache to .sens/index.json using declared parsers/WASM grammars.
  • No external network endpoints or remote payload fetches found in runtime source; README URLs are badges/docs.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 186 KB of source, external domains: www.w3.org

Source & flagged code

2 flagged · loading source
dist/chunk-5YINTSQX.jsView file
28async function build(root, absFiles) { L29: const { Project, Node, SyntaxKind } = await import("ts-morph"); L30: const project = new Project({
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-5YINTSQX.jsView on unpkg · L28
dist/grammars/tree-sitter-go.wasmView file
path = dist/grammars/tree-sitter-go.wasm kind = wasm_module sizeBytes = 235957 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/grammars/tree-sitter-go.wasmView on unpkg

Findings

4 Medium4 Low
MediumDynamic Requiredist/chunk-5YINTSQX.js
MediumNetwork
MediumShips Wasm Moduledist/grammars/tree-sitter-go.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings