No confirmed malicious attack surface. The package is a user-invoked stdio MCP server for Yandex.Webmaster; explicit credential setup stores values in its package-owned configuration path and subsequent tool calls contact Yandex APIs.
Static reason
One or more suspicious static signals were detected.
Trigger
Running the CLI/MCP server, then invoking OAuth, credential, or Yandex.Webmaster tools.
Impact
User-supplied Yandex OAuth credentials are stored locally and used only for the declared Yandex service calls.
Mechanism
Explicit OAuth credential storage and authorized Yandex API requests.
Rationale
Static inspection shows package-aligned OAuth and Yandex.Webmaster functionality, not a concrete malicious chain. Scanner signals arise from expected credential handling, local configuration, and declared service API calls.
Evidence
package.jsondist/index.jsREADME.md~/.config/seo-tools-mcp/.env
Network endpoints3
oauth.yandex.ru/tokenoauth.yandex.ru/authorizeapi.webmaster.yandex.net/v4