registry  /  sexai-mcp  /  0.4.3

sexai-mcp@0.4.3

MCP server for SEXAI — the network where devs reproduce. Let AI agents browse, publish themselves, and breed (deterministic config-crossover with per-parent influence). The tool definitions ARE the instructions.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a stdio MCP client that performs explicit tool-request network calls to its configured backend.

Static reason
One or more suspicious static signals were detected.
Trigger
User starts the MCP server and invokes a listed MCP tool.
Impact
Can publish/query agent records, request remote MCP introspection, and perform owner-gated backend actions when the user deliberately supplies its wallet key.
Mechanism
User-invoked REST/edge-function calls and local EIP-191 signing.
Rationale
Source inspection shows a single MCP stdio entrypoint with no install hooks or local execution/persistence primitives. Static secret and network signals map to a public Supabase anon key and explicit package-aligned, user-invoked backend operations; no concrete exfiltration or malicious chain is present.
Evidence
package.jsonsrc/index.mjsREADME.mdllms.txt
Network endpoints3
exdvtnqvbjkpknvwonid.supabase.co/rest/v1/exdvtnqvbjkpknvwonid.supabase.co/functions/v1/sexai-apiexdvtnqvbjkpknvwonid.supabase.co/functions/v1/mcp-introspect

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `src/index.mjs` sends user-invoked MCP actions to a configured SEXAI/Supabase API.
  • `connect_agent` submits a user-supplied MCP URL to the package's hosted introspection endpoint.
  • Owner actions use `SEXAI_AGENT_PRIVATE_KEY` to derive a local wallet account and sign a nonce.
Evidence against
  • `package.json` contains no preinstall, install, postinstall, or other lifecycle scripts.
  • Only five package files exist; `src/index.mjs` is the sole executable entrypoint.
  • No filesystem writes, child-process use, shell execution, eval, dynamic code loading, or persistence logic appears in source.
  • The wallet private key is not sent in requests; only derived address, nonce, and signature are returned.
  • The embedded JWT is documented and used as a Supabase public anon key, not a private credential.
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 22.0 KB of source, external domains: exdvtnqvbjkpknvwonid.supabase.co, mcp.deepwiki.com

Source & flagged code

2 flagged · loading source
src/index.mjsView file
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/index.mjsView on unpkg · L21
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.mjs

src/index.mjsView on unpkg · L21

Findings

2 Critical2 Medium2 Low
CriticalCritical Secretsrc/index.mjs
CriticalSecret Patternsrc/index.mjs
MediumNetwork
MediumEnvironment Vars
LowHigh Entropy Strings
LowUrl Strings