slashvibe-mcp@0.5.7

Social layer for Claude Code - DMs, presence, Matrix multiplayer rooms, and connection between AI-assisted developers

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Network calls, config writes, local auth storage, git inspection, and optional hook helpers are aligned with the advertised /vibe MCP collaboration product and require runtime/user-invoked actions.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.
Trigger
User runs the MCP server or setup command, then invokes vibe tools/authentication.
Impact
Stores auth/config under ~/.vibe, sends social/presence/messaging data to slashvibe.dev, and can add a Claude MCP server entry during setup.
Mechanism
User-invoked MCP social client with OAuth, presence, messaging, and optional local configuration writes.
Rationale
Static source inspection found broad network and local configuration behavior, but it is tied to the package's declared MCP social/collaboration functionality and user-invoked setup/auth flows. No lifecycle execution, hidden exfiltration, destructive persistence, or unconsented AI-agent control-surface mutation was identified.
Evidence
package.json, cli.js, setup.js, index.js, tools/init.js, tools/start.js, tools/subscriptions.js, tools/_work-context.js, hooks/check-guest-messages.sh, hooks/check-guest-messages.js, config.js, store/api.js, ~/.vibe/config.json, ~/.vibe/.session_<pid>, ~/.claude.json, ~/Library/Application Support/Claude/claude_desktop_config.json, ~/.config/claude/config.json, ~/AppData/Roaming/Claude/claude_desktop_config.json
Network endpoints (7)
www.slashvibe.dev, slashvibe.dev, api.twitter.com, discord.com/api/v10, api.telegram.org, api.neynar.com/v2, localhost:7544

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/postinstall lifecycle scripts; bin entries are cli.js and setup.js only.
    • setup.js modifies Claude MCP config only when user runs setup/TTY CLI, adding npx slashvibe-mcp@latest for the advertised MCP server.
    • index.js starts an MCP server and exposes vibe_* social/presence/messaging tools; no import-time credential harvesting found.
    • tools/subscriptions.js sends the stored auth token only as Authorization to configured VIBE_API_URL/default slashvibe.dev for the subscription feature.
    • tools/_work-context.js gathers bounded git/project context, uses execFileSync with shell:false, redacts common secrets, and is used for presence context.
    • hooks/check-guest-messages.* are shipped helper hooks but are not installed by package lifecycle; injected external messages include safety warnings.
    Behavioral surface
    Source
    ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
    Supply chain
    HighEntropyStrings, UrlStrings
    Manifest
    No manifest risk signals triggered.
    scanned 238 file(s), 1.83 MB of source, external domains: api.neynar.com, api.pinata.cloud, api.telegram.org, api.twitter.com, basescan.org, bridge.vibe.network, conduit.xyz, discord.com, docs.neynar.com, docs.slashvibe.dev, eth.llamarpc.com, etherscan.io, example.com, explorer-testnet.vibe.network, explorer.vibe.network, fonts.googleapis.com, fonts.gstatic.com, github.com, graph.facebook.com, mainnet.base.org, my-project.vercel.app, neynar.com, opensea.io, rpc-testnet.vibe.network, rpc.vibe.network, sepolia.base.org, sepolia.basescan.org, slashvibe.dev, testnets.opensea.io, twitter.com, vibe.fyi, warpcast.com, www.slashvibe.dev, x.com, your-domain.com, yourapp.vercel.app

    Source & flagged code

    7 flagged
    tools/_work-context.test.js
    patternName = github_pat · severity = critical · line = 83 · matchedText = const in...90';
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    tools/_work-context.test.js · L83
    patternName = github_pat · severity = critical · line = 83 · matchedText = const in...90';
    Critical
    Secret Pattern

    GitHub personal access token in tools/_work-context.test.js

    tools/_work-context.test.js · L83
    twitter.js
    L39: .update(signatureBaseString)
    L40: .digest('base64');
    L41: }
    ...
    L80: async function xRequest(method, endpoint, params = {}, body = null) {
    L81: const baseUrl = 'https://api.twitter.com';
    L82: const url = `${baseUrl}${endpoint}`;
    ...
    L89: const fetchUrl = method === 'GET' && Object.keys(params).length > 0
    L90: ? `${url}?${new URLSearchParams(params)}`
    L91: : url;
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    twitter.js · L39
    tools/subscriptions.js
    L39: const token = config.getToken();
    L40: const apiUrl = process.env.VIBE_API_URL || 'https://www.slashvibe.dev';
    L41: ...
    L51:
    L52: const result = await response.json();
    L53: ...
    L72: `.trim(),
    L73: data: result
    L74: };
    High
    Credential Exfiltration

    Source combines credential-like environment material and outbound requests; review data flow before blocking.

    tools/subscriptions.js · L39
    hooks/check-guest-messages.sh
    path = hooks/check-guest-messages.sh · kind = build_helper · sizeBytes = 7800 · magicHex = [redacted]
    Medium
    Ships Build Helper

    Package ships non-JavaScript build or shell helper files.

    hooks/check-guest-messages.sh
    tools/init.js
    matchType = previous_version_dangerous_delta · matchedPackage = slashvibe-mcp@0.5.5 · matchedIdentity = npm:c2xhc2h2aWJlLW1jcA:0.5.5 · similarity = 0.983 · summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    tools/init.js
    tools/_work-context.manual-test.js
    patternName = github_pat · severity = critical · line = 77 · matchedText = { input:...' },
    Critical
    Secret Pattern

    GitHub personal access token in tools/_work-context.manual-test.js

    tools/_work-context.manual-test.js · L77

    Findings

    4 Critical · 1 High · 4 Medium · 5 Low
    Critical · Critical Secret · tools/_work-context.test.js
    Critical · Previous Version Dangerous Delta · tools/init.js
    Critical · Secret Pattern · tools/_work-context.test.js
    Critical · Secret Pattern · tools/_work-context.manual-test.js
    High · Credential Exfiltration · tools/subscriptions.js
    Medium · Network
    Medium · Environment Vars
    Medium · Ships Build Helper · hooks/check-guest-messages.sh
    Medium · Structural Risk Force Deep Review
    Low · Scripts Present
    Low · Weak Crypto · twitter.js
    Low · Filesystem
    Low · High Entropy Strings
    Low · Url Strings