AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence against
- package.json has no preinstall, install, or postinstall lifecycle hook.
- dist/index.js exposes a stdio MCP server through its declared bin entrypoint.
- Network calls target only XMLStock API endpoints for requested SERP and balance tools.
- Credentials are read from XMLSTOCK_* values and masked in status/error output.
- The only file write is xmlstock_set_credentials, an explicit MCP tool that saves supplied values to its own config file with mode 0600.
- No child_process, eval, dynamic loading, broad file traversal, destructive actions, or agent-control writes were found.
Behavioral surface
SourceChildProcessEnvironmentVarsFilesystemNetwork
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 47.6 KB of source, external domains: xmlstock.com