Is @leeoohoo/ui-apps-devkit safe to use?

@leeoohoo/ui-apps-devkit has a security risk score of 87.32/100 (CRITICAL risk). Our security analysis detected 75 findings. Review the detailed security assessment below to understand the specific risks before installation.

What are the security risks of @leeoohoo/ui-apps-devkit?

Based on our automated security analysis, @leeoohoo/ui-apps-devkit presents critical risk level. The extension is analyzed for malware patterns, secret exposure, network communications, permissions, and supply chain vulnerabilities.

How is the security score calculated?

Risky Plugins calculates security scores using weighted categories: severity of findings (25 points max), malware detections (35 points), secret exposure (28 points), network communications (10 points), and obfuscation (10 points). Scores range from 0-100, with higher scores indicating greater risk.

What does CRITICAL, HIGH, MEDIUM, LOW, MINIMAL risk mean?

CRITICAL (80-100): Severe security issues like malware. HIGH (60-79): Significant vulnerabilities. MEDIUM (40-59): Moderate security concerns. LOW (20-39): Minor issues. MINIMAL (0-19): Very low risk. Always review findings before installing any extension.

Is "@leeoohoo/ui-apps-devkit" on MCP Registry Safe to Install?

Name: @leeoohoo/ui-apps-devkit
Availability: InStock
Author: leeoohoo

leeoohoo · mcp · v0.1.14

ChatOS UI Apps DevKit (CLI + templates + sandbox) for building installable ChatOS UI Apps plugins.

Risk Assessment

Analyzed

87.32

out of 100

CRITICAL

75 security findings detected across all analyzers

MCP server analyzed for tool poisoning, prompt injection, and data exfiltration

Severity Breakdown

Critical

High

Medium

Low

Info

Finding Categories

Network

MCP Server Analysis

MCP servers expose tools and resources to AI assistants. Unlike browser extensions, they run as standalone processes with direct system access. Tool definitions are analyzed for prompt injection, data exfiltration, and tool poisoning patterns.

About This Extension

ChatOS UI Apps DevKit (CLI + templates + sandbox) for building installable ChatOS UI Apps plugins.

Detailed Findings

75 total

Security Analysis Summary

Security Analysis Overview

@leeoohoo/ui-apps-devkit is a mcp extension published by leeoohoo. Version 0.1.14 has been analyzed by the Risky Plugins security platform, receiving a risk score of 87.32/100 (CRITICAL risk) based on 75 security findings.

Risk Assessment

This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.

Findings Breakdown

High: 2 finding(s)
Medium: 9 finding(s)

What Was Analyzed

The security assessment covers multiple analysis categories:

Malware Detection: YARA rule matching against 2,400+ malware signatures
Secret Detection: Scanning for exposed API keys, tokens, and credentials
Static Analysis: Code-level security analysis for common vulnerability patterns
Network Analysis: Detection of suspicious network communications and endpoints
Obfuscation Detection: Identification of code obfuscation techniques

Developer Information

@leeoohoo/ui-apps-devkit is published by leeoohoo on the mcp marketplace.

Recommendation

This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.

Source Code Viewer

Source Code Not Available

Source code is not available for this version of the extension.

Frequently Asked Questions

Similar Extensions

Related extensions from the same publisher or marketplace

@mseep/kintone-mcp-server

skydeckai

CRITICAL

source-map-parser-mcp

masonchow

CRITICAL

@vjlanguage/mcp-vj-docs

vjlanguage

CRITICAL

@paretools/http

dave212

CRITICAL

@gravitykit/gravitymcp

gravitykit

CRITICAL

@superdoc-dev/mcp

harbournick

CRITICAL

Risk Assessment

Severity Breakdown

Finding Categories

MCP Server Analysis

About This Extension

Detailed Findings

MCP-TOOL-FILESYSTEM-ACCESS-src/sandbox/server.js-346

MCP-TOOL-FILESYSTEM-ACCESS-src/sandbox/server.js-193

NET-FETCH-src/sandbox/server.js-2000

NET-FETCH-src/sandbox/server.js-1917

NET-FETCH-src/sandbox/server.js-1317

NET-FETCH-src/sandbox/server.js-1930

NET-FETCH-src/sandbox/server.js-1944

NET-FETCH-src/sandbox/server.js-614

NET-FETCH-src/sandbox/server.js-1553

NET-FETCH-src/sandbox/server.js-1343

NET-FETCH-src/sandbox/server.js-1404

HASH-bbe10eae023d694e

HASH-9df9b460579fb58f

HASH-e4b5ed4ea9cc9592

HASH-2986f6fef04e4617

HASH-a26e57dceddb0394

HASH-49be2dc1d2efc8af

HASH-2986f6fef04e4617

HASH-04276ce38f59c6b9

HASH-816b9afabb1222f8

HASH-d3b47d07e9cb31d7

HASH-35d8dbff23ec8e8f

HASH-e63d37c1edd19df1

HASH-78c93aedd6d4e1a5

HASH-70c8e9aeea34de59

HASH-6e23bf99939a4112

HASH-21655c2074ae4882

HASH-f1cf7b61b9fad03c

HASH-507ea1f62bb988a5

HASH-efa8efb71eae1639

HASH-38be9b8188cce989

HASH-49be2dc1d2efc8af

HASH-3dc2a983bde8913b

HASH-c61eddd165263400

HASH-5641f942799d8e69

HASH-44329a77eadfe144

HASH-fee6d97b47ba15fe

HASH-3b58b6653b5359c0

HASH-fc498bbac2afd6b4

HASH-6cd350e901282ac9

HASH-5788cabf4d800ec4

HASH-28babf6d54bb88e8

HASH-d6aa72fa5a62dabd

HASH-547c8be5b33fa3b7

HASH-13058e490978c0fa

HASH-63dbd5004fa68ed1

HASH-6e7b11822a1e0a27

HASH-c61eddd165263400

HASH-b4b69ebf189830fb

HASH-816b9afabb1222f8

HASH-505f1db8e1100212

HASH-70ac9ba4adc0c5ac

HASH-17e21ded0d067313

HASH-0606edac0b224129

HASH-28babf6d54bb88e8

HASH-e1eb8cb30246e152

HASH-8b3d2717caacc8ed

HASH-b8e6b578ee57a0c2

HASH-70ac9ba4adc0c5ac

HASH-792f1ee9391644f4

HASH-8cf25a4a54911065

HASH-9df9b460579fb58f

HASH-110bc029b0ba56da

HASH-3fde7f220d40cb5f

HASH-ade1b20529bbb211

HASH-8cc9f5ce48c3a91d

HASH-ade1b20529bbb211

HASH-5b760d0d7ea8f97e

HASH-69522b74e7a55654

HASH-c3b71f764cb7d2b9

HASH-8cc9f5ce48c3a91d

HASH-192f7f25eeaefeba

HASH-56f673b3749ee944

HASH-44ed0c4655374d17