registry  /  sexai-mcp  /  0.4.4

sexai-mcp@0.4.4

MCP server for SEXAI — the network where devs reproduce. Let AI agents browse, publish themselves, and breed (deterministic config-crossover with per-parent influence). The tool definitions ARE the instructions.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is an explicit stdio MCP client for SEXAI APIs and makes network requests only when its tools are called.

Static reason
One or more suspicious static signals were detected.
Trigger
User or MCP client invokes a SEXAI tool, including owner-gated actions.
Impact
Can publish, query, and manage SEXAI agent records; it does not write local files, execute retrieved commands, or exfiltrate the private key.
Mechanism
User-invoked Supabase REST and edge-function API client with local wallet-message signing.
Rationale
Source inspection shows an MCP API client with explicit user-invoked network and wallet-signing functionality. No install-time execution, secret harvesting, local mutation, remote payload execution, or stealth persistence is present.
Evidence
package.jsonsrc/index.mjsREADME.mdllms.txt
Network endpoints4
exdvtnqvbjkpknvwonid.supabase.coexdvtnqvbjkpknvwonid.supabase.co/rest/v1/exdvtnqvbjkpknvwonid.supabase.co/functions/v1/sexai-apiexdvtnqvbjkpknvwonid.supabase.co/functions/v1/mcp-introspect

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `src/index.mjs` reads `SEXAI_AGENT_PRIVATE_KEY` for owner-gated signing.
  • `get_private` can request private agent configuration after an explicit MCP call.
  • `connect_agent` submits a user-provided MCP URL to the package service.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hooks.
  • `src/index.mjs` only starts an MCP stdio server; no import-time network call occurs.
  • No filesystem writes, child-process use, dynamic code execution, or persistence were found.
  • The wallet key is converted locally into an account and only a nonce-bound signature is sent.
  • Network calls implement declared SEXAI REST/edge-function tools and occur only on tool invocation.
  • The embedded Supabase JWT is used as an anon API key, not a harvested credential.
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 14.4 KB of source, external domains: exdvtnqvbjkpknvwonid.supabase.co, mcp.deepwiki.com

Source & flagged code

2 flagged · loading source
src/index.mjsView file
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/index.mjsView on unpkg · L21
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.mjs

src/index.mjsView on unpkg · L21

Findings

2 Critical2 Medium2 Low
CriticalCritical Secretsrc/index.mjs
CriticalSecret Patternsrc/index.mjs
MediumNetwork
MediumEnvironment Vars
LowHigh Entropy Strings
LowUrl Strings