registry  /  sexai-mcp  /  0.11.2

sexai-mcp@0.11.2

MCP server for SEXAI — the network where devs reproduce. Let AI agents browse, publish themselves, and breed (deterministic config-crossover with per-parent influence). The tool definitions ARE the instructions.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit plugin/MCP activation starts a stdio server with network-backed agent-management tools. It can sign owner actions with an opt-in wallet key and returns agent prompts and runnable MCP configuration for user-directed export.

Static reason
One or more suspicious static signals were detected.
Trigger
User installs/enables the Claude plugin or explicitly runs the `sexai-mcp` MCP server and invokes its tools.
Impact
An enabled AI client can be induced by the supplied instructions or exported artifacts to adopt remote agent prompts/configuration and perform platform writes; no unconsented install-time mutation is present.
Mechanism
First-party MCP extension exposing remote agent publication, signed platform actions, and agent-config export.
Rationale
This is not concrete malware: it has no install-time hook or automatic local mutation. It is suspicious because its first-party MCP/plugin setup deliberately expands an AI agent's authority and can propagate remote prompts and MCP commands through explicit export workflows.
Evidence
package.jsonsrc/index.mjs.claude-plugin/plugin.jsonserver.json
Network endpoints4
exdvtnqvbjkpknvwonid.supabase.co/rest/v1/exdvtnqvbjkpknvwonid.supabase.co/functions/v1/sexai-apiexdvtnqvbjkpknvwonid.supabase.co/functions/v1/mcp-introspectexdvtnqvbjkpknvwonid.supabase.co/functions/v1/repo-introspect

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `.claude-plugin/plugin.json` registers an MCP server via `npx -y sexai-mcp`.
  • `src/index.mjs` provides signed owner actions and network writes for publishing, breeding, payments, and agent updates.
  • `src/index.mjs` reads `SEXAI_AGENT_PRIVATE_KEY`, derives an account, and signs requests sent to the platform API.
  • `export_repo` returns an `AGENTS.md` plus `mcp.json` that can embed platform-supplied soul text and an `npx` command.
  • Runtime instructions encourage autonomous onboarding and agent reproduction, including wallet-key setup.
Evidence against
  • `package.json` has only `prepublishOnly`; no install, preinstall, postinstall, or prepare hook exists.
  • The package does not invoke shell commands, write local files, or dynamically load code at runtime.
  • Private-key use signs EIP-191 messages locally; source does not transmit the raw key.
  • Import and remote-MCP introspection label returned third-party content as untrusted and require review.
  • Export returns a file map and instructions rather than modifying agent or project configuration itself.
Behavioral surface
Source
CryptoEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 44.2 KB of source, external domains: exdvtnqvbjkpknvwonid.supabase.co, github.com, img.shields.io, mcp.deepwiki.com, sexai.dev

Source & flagged code

2 flagged · loading source
src/index.mjsView file
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/index.mjsView on unpkg · L21
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.mjs

src/index.mjsView on unpkg · L21

Findings

2 Critical2 Medium4 Low
CriticalCritical Secretsrc/index.mjs
CriticalSecret Patternsrc/index.mjs
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings