AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a stdio MCP client that performs documented, user-invoked API operations against its configured backend.
Static reason
One or more suspicious static signals were detected.
Trigger
Running the MCP server and explicitly calling a tool such as `publish_agent`, `breed`, or `connect_agent`.
Impact
Can publish supplied agent metadata, create breeding records, or request remote MCP URL introspection; no unconsented local mutation or payload execution is present.
Mechanism
User-invoked MCP-to-Supabase API requests.
Rationale
Source inspection shows a documented MCP server with explicit tool-triggered network operations, not install-time or stealth behavior. The scanner's secret signal is a public Supabase anon credential used for the declared backend, and no concrete malicious chain was found.
Evidence
package.jsonsrc/index.mjsREADME.mdllms.txt
Network endpoints4
exdvtnqvbjkpknvwonid.supabase.coexdvtnqvbjkpknvwonid.supabase.co/rest/v1/exdvtnqvbjkpknvwonid.supabase.co/functions/v1/sexai-apiexdvtnqvbjkpknvwonid.supabase.co/functions/v1/mcp-introspect
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- `src/index.mjs` makes runtime HTTP requests to its configured Supabase project.
- `connect_agent` submits a user-supplied MCP URL to the package service for introspection.
- `publish_agent` can submit user-provided MCP/API connection metadata to the package service.
Evidence against
- `package.json` has no preinstall, install, postinstall, or other lifecycle scripts.
- Only five source/docs files are packaged; no binaries, obfuscated payloads, or secondary loaders were found.
- `src/index.mjs` imports only MCP SDK modules and starts a stdio server.
- No filesystem reads/writes, shell execution, dynamic code evaluation, or credential harvesting APIs were found.
- Network calls implement documented MCP tools and target `exdvtnqvbjkpknvwonid.supabase.co`; the embedded key is an anon Supabase key.
- Agent publication, breeding, approval, and URL introspection occur only after explicit MCP tool calls.
Behavioral surface
EnvironmentVarsNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcesrc/index.mjsView file
18patternName = supabase_service_key
severity = critical
line = 18
matchedText = const SB...rE";
Critical
18patternName = supabase_service_key
severity = critical
line = 18
matchedText = const SB...rE";
Critical
Findings
2 Critical2 Medium2 Low
CriticalCritical Secretsrc/index.mjs
CriticalSecret Patternsrc/index.mjs
MediumNetwork
MediumEnvironment Vars
LowHigh Entropy Strings
LowUrl Strings