Is @spec-driven-steroids/mcp malware?

@spec-driven-steroids/mcp shows significant security concerns with a undefined risk rating (NaN/100). While not confirmed malware, undefined high severity issues were detected. Use with caution.

What security issues does @spec-driven-steroids/mcp have?

Our analysis found undefined security indicators: undefined critical, undefined high, undefined medium severity. Key issues include: Malware Signature, Malware Signature, Malware Signature.

Should I uninstall @spec-driven-steroids/mcp?

Consider uninstalling @spec-driven-steroids/mcp or finding a safer alternative. The extension has undefined high severity security issues that warrant concern. Review the detailed findings before continuing to use it.

HIGH RISK NaN/100

@spec-driven-steroids/mcp

Unknown developer

Threat Summary

Risk Level

Critical Issues

High Issues

Total Findings

Key Security Threats

HIGH Malware Signature

YARA rule match: -postinstall_system_command

/tmp/extract-765c48d9b8cbc31854c8d8d87cccc377b0e9910d4bfb8b5600ebc985446a77a7-2817929965/dist/index.d.ts

HIGH Malware Signature

YARA rule match: -postinstall_file_manipulation

/tmp/extract-765c48d9b8cbc31854c8d8d87cccc377b0e9910d4bfb8b5600ebc985446a77a7-2817929965/dist/index.js

HIGH Malware Signature

YARA rule match: -postinstall_network_communication

/tmp/extract-765c48d9b8cbc31854c8d8d87cccc377b0e9910d4bfb8b5600ebc985446a77a7-2817929965/dist/index.js

HIGH Malware Signature

YARA rule match: -postinstall_system_command

/tmp/extract-765c48d9b8cbc31854c8d8d87cccc377b0e9910d4bfb8b5600ebc985446a77a7-2817929965/dist/index.js

HIGH Malware Signature

YARA rule match: -postinstall_network_communication

/tmp/extract-765c48d9b8cbc31854c8d8d87cccc377b0e9910d4bfb8b5600ebc985446a77a7-2817929965/LICENSE

All Findings (23)

View all 23 security findings

Malware Signature

YARA rule match: -postinstall_system_command

Malware Signature

YARA rule match: -postinstall_file_manipulation

Malware Signature

YARA rule match: -postinstall_network_communication

Malware Signature

YARA rule match: -postinstall_system_command

Malware Signature

YARA rule match: -postinstall_network_communication

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-519

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-531

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-543

filesystem-access

MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-95

Indicator of Compromise

XIOC detected Domain: requirements.md

Indicator of Compromise

XIOC detected Domain: gmail.com

Indicator of Compromise

XIOC detected Domain: readme.md

Indicator of Compromise

XIOC detected Email: [email protected]

Indicator of Compromise

XIOC detected URL: https://github.com/lindoelio/spec-driven-steroids.git

Indicator of Compromise

XIOC detected Domain: design.md

Indicator of Compromise

XIOC detected Domain: tasks.md

Indicator of Compromise

XIOC detected Domain: index.d.ts.map

Indicator of Compromise

XIOC detected Domain: skill.md

Indicator of Compromise

XIOC detected Domain: docs.design

Indicator of Compromise

XIOC detected Domain: index.js.map

Indicator of Compromise

XIOC detected Domain: github.com

metadata

HASH-12b2f95d90a1a793

metadata

HASH-18d19bc33c4b4fc7

Recommended Action

This extension has significant security concerns that warrant careful review. Consider uninstalling or finding a safer alternative. If you must use it, limit the permissions and monitor for suspicious activity.

View Full Security Report Find Safer Alternatives