
slashvibe-mcp@0.5.15

Social layer for Claude Code - DMs, presence, Matrix multiplayer rooms, and connection between AI-assisted developers

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Claude/MCP social collaboration server with user-invoked setup and package-aligned network activity.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source.
Trigger
User runs slashvibe-mcp as MCP server or explicitly runs setup/vibe_start tools.
Impact
Package-aligned presence, messaging, auth, and collaboration features; no install-time hijack, credential harvesting, or foreign control-surface mutation found.
Mechanism
MCP tools, OAuth token storage, slashvibe.dev API requests, optional user-invoked Claude MCP config update
Rationale
Static inspection found agent/MCP capabilities and networked collaboration features, but they are package-aligned, user-invoked, and not delivered by install-time lifecycle hooks. Scanner hints map to documented auth/API flows and redacted work-context sharing rather than concrete malware or unconsented control-surface hijack.
Evidence
package.json, cli.js, setup.js, index.js, config.js, tools/start.js, tools/_work-context.js, tools/subscriptions.js, store/api.js, ~/.claude.json, ~/Library/Application Support/Claude/claude_desktop_config.json, ~/.config/claude/config.json, ~/AppData/Roaming/Claude/claude_desktop_config.json, ~/.vibe/config.json, ~/.vibe/auth.json, ~/.vibe/.session_<pid>, ~/.vibe/vibe-repo
Network endpoints (6)
www.slashvibe.dev, slashvibe.dev, api.twitter.com, discord.com/api/v10, graph.facebook.com/v18.0, api.neynar.com/v2

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
• package.json has no npm lifecycle hooks; only bin entries cli.js/setup.js and main index.js.
• setup.js writes Claude MCP config only when invoked via CLI setup/TTY, not at install time.
• setup.js registers package-aligned MCP server command npx -y slashvibe-mcp@latest and saves auth under ~/.vibe/config.json.
• index.js starts an MCP server and exposes social/presence/message tools; network calls target slashvibe.dev API.
• tools/_work-context.js gathers limited git/project metadata with execFileSync, redaction, basename-only files, and timeout.
• tools/subscriptions.js sends stored auth token only to configured slashvibe.dev subscription endpoint.
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 243 file(s), 1.89 MB of source, external domains: api.neynar.com, api.pinata.cloud, api.telegram.org, api.twitter.com, basescan.org, bridge.vibe.network, conduit.xyz, discord.com, docs.neynar.com, docs.slashvibe.dev, eth.llamarpc.com, etherscan.io, example.com, explorer-testnet.vibe.network, explorer.vibe.network, fonts.googleapis.com, fonts.gstatic.com, github.com, graph.facebook.com, mainnet.base.org, my-project.vercel.app, neynar.com, opensea.io, rpc-testnet.vibe.network, rpc.vibe.network, sepolia.base.org, sepolia.basescan.org, slashvibe.dev, testnets.opensea.io, twitter.com, vibe.fyi, warpcast.com, www.slashvibe.dev, x.com, your-domain.com, yourapp.vercel.app

Source & flagged code

7 flagged
tools/_work-context.test.js · L83
patternName = github_pat, severity = critical, line = 83, matchedText = const in...90';
Critical · Critical Secret

Package contains a critical-looking secret pattern.

tools/_work-context.test.js · L83
patternName = github_pat, severity = critical, line = 83, matchedText = const in...90';
Critical · Secret Pattern

GitHub personal access token in tools/_work-context.test.js
twitter.js · L39
L39:     .update(signatureBaseString)
L40:     .digest('base64');
L41: }
...
L80: async function xRequest(method, endpoint, params = {}, body = null) {
L81:   const baseUrl = 'https://api.twitter.com';
L82:   const url = `${baseUrl}${endpoint}`;
...
L89:   const fetchUrl = method === 'GET' && Object.keys(params).length > 0
L90:     ? `${url}?${new URLSearchParams(params)}`
L91:     : url;
Low · Weak Crypto

Package source references weak cryptographic algorithms.
tools/subscriptions.js · L39
L39: const token = config.getToken();
L40: const apiUrl = process.env.VIBE_API_URL || 'https://www.slashvibe.dev';
L41: ...
L51:
L52: const result = await response.json();
L53: ...
L72:   `.trim(),
L73:   data: result
L74: };
High · Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.
hooks/check-guest-messages.sh
path = hooks/check-guest-messages.sh, kind = build_helper, sizeBytes = 7800, magicHex = [redacted]
Medium · Ships Build Helper

Package ships non-JavaScript build or shell helper files.
tools/start.js
matchType = previous_version_dangerous_delta, matchedPackage = slashvibe-mcp@0.5.13, matchedIdentity = npm:c2xhc2h2aWJlLW1jcA:0.5.13, similarity = 0.983, summary = stored previous version shares package body but lacks this dangerous source file
Critical · Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
tools/_work-context.manual-test.js · L77
patternName = github_pat, severity = critical, line = 77, matchedText = { input:...' },
Critical · Secret Pattern

GitHub personal access token in tools/_work-context.manual-test.js

Findings

4 Critical · 1 High · 4 Medium · 5 Low
Critical · Critical Secret · tools/_work-context.test.js
Critical · Previous Version Dangerous Delta · tools/start.js
Critical · Secret Pattern · tools/_work-context.test.js
Critical · Secret Pattern · tools/_work-context.manual-test.js
High · Credential Exfiltration · tools/subscriptions.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · hooks/check-guest-messages.sh
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Weak Crypto · twitter.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings