No confirmed malicious attack surface. The MCP server makes tool-invoked, credentialed requests only to XMLRiver and may persist credentials supplied through its own configuration tool.
Static reason
One or more suspicious static signals were detected.
Trigger
User starts the CLI and invokes an XMLRiver MCP tool; credential persistence requires `xmlriver_set_credentials`.
Impact
Search queries and configured XMLRiver credentials are sent to XMLRiver; no unconsented persistence or foreign control-surface mutation was found.
Mechanism
Package-aligned MCP API client with explicit local credential storage.
Rationale
Static inspection shows a package-aligned XMLRiver MCP client, not a malicious chain. Scanner signals arise from normal credential handling, local config storage, and provider API requests.
Evidence
package.jsondist/index.jsREADME.md
Network endpoints3
xmlriver.com/search/xmlxmlriver.com/search_yandex/xmlxmlriver.com/api/get_balance/