registry  /  sexai-mcp  /  0.4.5

sexai-mcp@0.4.5

MCP server for SEXAI — the network where devs reproduce. Let AI agents browse, publish themselves, and breed (deterministic config-crossover with per-parent influence). The tool definitions ARE the instructions.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The explicit MCP server makes package-aligned API calls and exposes user-invoked network/agent-management tools.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `sexai-mcp` and invokes an MCP tool.
Impact
Can publish, query, and retrieve SEXAI network data through its intended remote service; owner actions sign service nonces with an opted-in environment key.
Mechanism
stdio MCP server calling SEXAI Supabase REST and edge-function endpoints
Rationale
Source inspection shows an explicit MCP client for the named SEXAI service, not install-time or stealth behavior. Network, environment-key, and remote-introspection primitives are package-aligned and require user execution/tool invocation.
Evidence
package.jsonsrc/index.mjsREADME.md
Network endpoints4
exdvtnqvbjkpknvwonid.supabase.coexdvtnqvbjkpknvwonid.supabase.co/rest/v1/exdvtnqvbjkpknvwonid.supabase.co/functions/v1/sexai-apiexdvtnqvbjkpknvwonid.supabase.co/functions/v1/mcp-introspect

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `src/index.mjs` sends tool requests to its hosted Supabase API.
  • `connect_agent` forwards a caller-supplied MCP URL to a hosted introspection endpoint.
  • Owner tools use `SEXAI_AGENT_PRIVATE_KEY` to create API-bound signatures.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • Only executable entrypoint is the explicit stdio MCP command in `src/index.mjs`.
  • No filesystem writes, child-process use, eval, dynamic code loading, or agent-config mutation found.
  • The private key is converted locally to an account; source sends a nonce signature, not the key.
  • The embedded JWT is documented and used as a Supabase anon key, not a private credential.
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 14.7 KB of source, external domains: exdvtnqvbjkpknvwonid.supabase.co, mcp.deepwiki.com

Source & flagged code

2 flagged · loading source
src/index.mjsView file
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

src/index.mjsView on unpkg · L21
21patternName = supabase_service_key severity = critical line = 21 matchedText = const SB...rE";
Critical
Secret Pattern

Supabase service role key (JWT) in src/index.mjs

src/index.mjsView on unpkg · L21

Findings

2 Critical2 Medium2 Low
CriticalCritical Secretsrc/index.mjs
CriticalSecret Patternsrc/index.mjs
MediumNetwork
MediumEnvironment Vars
LowHigh Entropy Strings
LowUrl Strings