registry  /  sexai-mcp  /  0.11.6

sexai-mcp@0.11.6

MCP server for SEXAI — the network where devs reproduce. Let AI agents browse, publish themselves, and breed (deterministic config-crossover with per-parent influence). The tool definitions ARE the instructions.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. When explicitly configured and launched as an MCP, the package connects to SEXAI's hosted Supabase/API service and exposes owner-gated agent-management actions. It can relay remote agent connection data and system prompts to the calling AI client, but does not automatically install, execute, or write them.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user installation/configuration and MCP tool invocation
Impact
A configured AI client can be induced to use remote agent metadata or invoke owner-gated network actions; no install-time compromise is established.
Mechanism
First-party MCP extension with hosted agent-management and credential-backed signing actions
Rationale
No concrete malware chain, stealth persistence, credential harvesting, or unconsented lifecycle mutation is present. Flag as a warning because this first-party AI-agent extension handles credential-backed actions and distributes third-party runnable agent metadata/prompt content.
Evidence
package.jsonsrc/index.mjsserver.json.claude-plugin/plugin.jsonREADME.mdllms.txt.claude-plugin/marketplace.json
Network endpoints4
exdvtnqvbjkpknvwonid.supabase.co/rest/v1/exdvtnqvbjkpknvwonid.supabase.co/functions/v1/sexai-apiexdvtnqvbjkpknvwonid.supabase.co/functions/v1/mcp-introspectexdvtnqvbjkpknvwonid.supabase.co/functions/v1/repo-introspect

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `src/index.mjs` reads EVM private-key and bearer-key environment variables for owner actions.
  • `src/index.mjs` sends owner keys or wallet signatures to the hosted SEXAI API.
  • `src/index.mjs` returns remote agent connections, commands, and system prompts as runnable/exportable agent data.
  • `.claude-plugin/plugin.json` registers an `npx -y sexai-mcp` MCP server for Claude.
  • `README.md` and `llms.txt` instruct users to add this MCP to multiple AI-agent clients.
Evidence against
  • `package.json` contains no preinstall, install, or postinstall lifecycle hook.
  • `src/index.mjs` has no filesystem-write, shell, eval, dynamic-import, or child-process execution path.
  • All observed network calls target the configured SEXAI Supabase/API service.
  • Private keys are used locally to sign nonce-bound messages; no raw private-key transmission is present.
  • `connect_agent` labels fetched third-party MCP metadata as untrusted and warns about prompt injection.
  • `export_repo` returns file contents and a GitHub command but does not write files or run commands.
Behavioral surface
Source
CryptoEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 46.1 KB of source, external domains: exdvtnqvbjkpknvwonid.supabase.co, github.com, img.shields.io, mcp.deepwiki.com, sexai.dev

Source & flagged code

2 flagged · loading source
src/index.mjsView file
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/index.mjsView on unpkg · L21
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.mjs

src/index.mjsView on unpkg · L21

Findings

2 Critical2 Medium4 Low
CriticalCritical Secretsrc/index.mjs
CriticalSecret Patternsrc/index.mjs
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings