registry  /  tower-mcp  /  0.1.2

tower-mcp@0.1.2

Air-traffic control for AI agents editing a shared repo — semantic pre-flight collision detection over MCP. Model-agnostic (Claude Code, Cursor, Codex).

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The explicit CLI persists coordination state under `.tower` and can connect to a user-configured remote Tower MCP endpoint.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `tower init`, `claim`, `guard`, or `serve`.
Impact
Creates local coordination state and, when explicitly configured, sends claim data to `TOWER_URL`.
Mechanism
Local agent-work coordination with optional configured MCP transport.
Rationale
Source inspection shows a user-invoked coordination CLI, not install-time or stealth behavior. Its agent configuration and hook references are printed templates only, while network use is explicitly configured.
Evidence
package.jsondist/index.jsdist/commands.jsdist/lib.jsdist/remote.js.tower/policy.yaml.tower/tower.db.tower/claim-id

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no lifecycle scripts; only a user-invoked `tower` bin.
    • `dist/index.js` writes only local `.tower` policy, SQLite state, and claim-id files.
    • `cmdInit` prints MCP/hook setup text but does not modify `.mcp.json`, agent rules, or Git hooks.
    • Remote MCP use requires explicit `TOWER_URL`; only its configured endpoint receives claim metadata and optional bearer token.
    • HTTP serving defaults to `127.0.0.1`; non-local access requires `TOWER_TOKEN`.
    • No child-process execution, eval/vm, destructive file operations, or credential harvesting found.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystem
    Supply chain
    HighEntropyStrings
    ManifestNo manifest risk signals triggered.
    scanned 5 file(s), 82.0 KB of source

    Source & flagged code

    1 flagged · loading source
    dist/commands.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = tower-mcp@0.1.1 matchedIdentity = npm:dG93ZXItbWNw:0.1.1 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/commands.jsView on unpkg

    Findings

    1 High1 Medium3 Low
    HighPrevious Version Dangerous Deltadist/commands.js
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings