
slashvibe-mcp@0.5.13

Social layer for Claude Code - DMs, presence, Matrix multiplayer rooms, and connection between AI-assisted developers

AI Security Review

scanned 11h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an MCP social/collaboration server with user-invoked setup and authenticated runtime network features.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced a dangerous source file.
Trigger
User runs npx slashvibe-mcp setup or configures/runs the MCP server.
Impact
Registers the vibe MCP server, stores vibe auth/session data, and exchanges presence/messages with configured services.
Mechanism
User-invoked MCP setup and package-aligned API communication.
Rationale
The risky primitives are aligned with an explicitly invoked MCP collaboration tool and are not delivered through npm lifecycle execution or hidden import-time control-surface mutation. Source inspection found user-visible setup, package-owned config/state, and package-aligned network behavior rather than credential theft, persistence, destructive behavior, or unconsented agent control hijack.
Evidence
package.json, cli.js, setup.js, index.js, presence.js, config.js, store/api.js, tools/init.js, tools/cc-insights.js, tools/lib/git-bundle.js, tools/_work-context.test.js, ~/.claude.json, ~/Library/Application Support/Claude/claude_desktop_config.json, ~/.config/claude/config.json, ~/AppData/Roaming/Claude/claude_desktop_config.json, ~/.vibe/config.json, ~/.vibe/auth.json, ~/.vibe/.session_<pid>
Network endpoints (11)
www.slashvibe.dev, slashvibe.dev, localhost:9876, localhost:7544, api.twitter.com, x.com, api.neynar.com/v2, rpc.vibe.network, rpc-testnet.vibe.network, explorer.vibe.network, explorer-testnet.vibe.network

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with low false-positive risk.
Evidence for block
  • setup.js user-invoked setup writes Claude MCP config under home config paths and registers npx slashvibe-mcp@latest.
  • index.js starts presence heartbeat and guest-message polling when run as MCP server for an initialized user.
  • tools/cc-insights.js can upload Claude Code insight JSON, but only via explicit vibe_cc_upload tool.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • cli.js routes TTY use to setup.js or MCP server; no install-time execution.
  • Network calls are package-aligned to slashvibe.dev, local OAuth callback, Matrix local bot, Twitter/X, Farcaster, Telegram, Discord, and Vibe L2 endpoints.
  • tools/_work-context.test.js contains synthetic secret patterns for redaction tests, not live credentials.
  • config.js stores package auth/session state in ~/.vibe and does not harvest unrelated credentials.
  • No broad lifecycle mutation, persistence hook, destructive action, or remote code execution found.
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 242 file(s), 1.88 MB of source, external domains: api.neynar.com, api.pinata.cloud, api.telegram.org, api.twitter.com, basescan.org, bridge.vibe.network, conduit.xyz, discord.com, docs.neynar.com, docs.slashvibe.dev, eth.llamarpc.com, etherscan.io, example.com, explorer-testnet.vibe.network, explorer.vibe.network, fonts.googleapis.com, fonts.gstatic.com, github.com, graph.facebook.com, mainnet.base.org, my-project.vercel.app, neynar.com, opensea.io, rpc-testnet.vibe.network, rpc.vibe.network, sepolia.base.org, sepolia.basescan.org, slashvibe.dev, testnets.opensea.io, twitter.com, vibe.fyi, warpcast.com, www.slashvibe.dev, x.com, your-domain.com, yourapp.vercel.app

Source & flagged code

7 flagged
tools/_work-context.test.js
patternName = github_pat, severity = critical, line = 83, matchedText = const in...90';
Critical
Critical Secret

Package contains a critical-looking secret pattern.

tools/_work-context.test.js
patternName = github_pat, severity = critical, line = 83, matchedText = const in...90';
Critical
Secret Pattern

GitHub personal access token in tools/_work-context.test.js

twitter.js
L39:   .update(signatureBaseString)
L40:   .digest('base64');
L41: }
...
L80: async function xRequest(method, endpoint, params = {}, body = null) {
L81:   const baseUrl = 'https://api.twitter.com';
L82:   const url = `${baseUrl}${endpoint}`;
...
L89:   const fetchUrl = method === 'GET' && Object.keys(params).length > 0
L90:     ? `${url}?${new URLSearchParams(params)}`
L91:     : url;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

tools/subscriptions.js
L39:   const token = config.getToken();
L40:   const apiUrl = process.env.VIBE_API_URL || 'https://www.slashvibe.dev';
L41:   ...
L51:
L52:   const result = await response.json();
L53:   ...
L72:   `.trim(),
L73:   data: result
L74: };
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

hooks/check-guest-messages.sh
path = hooks/check-guest-messages.sh, kind = build_helper, sizeBytes = 7800, magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

tools/init.js
matchType = previous_version_dangerous_delta, matchedPackage = slashvibe-mcp@0.5.12, matchedIdentity = npm:c2xhc2h2aWJlLW1jcA:0.5.12, similarity = 0.975, summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

tools/_work-context.manual-test.js
patternName = github_pat, severity = critical, line = 77, matchedText = { input:...' },
Critical
Secret Pattern

GitHub personal access token in tools/_work-context.manual-test.js


Findings

4 Critical · 1 High · 4 Medium · 5 Low
Critical · Critical Secret · tools/_work-context.test.js
Critical · Previous Version Dangerous Delta · tools/init.js
Critical · Secret Pattern · tools/_work-context.test.js
Critical · Secret Pattern · tools/_work-context.manual-test.js
High · Credential Exfiltration · tools/subscriptions.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · hooks/check-guest-messages.sh
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Weak Crypto · twitter.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings