@messengerflow/mcp-server
Unknown developer
Threat Summary
Key Security Threats
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-13801
dist/index.js:13801
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-13
dist/index.js:13
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-13
dist/index.js:13
YARA rule match: -credential_env_files
/tmp/extract-6612330d42a5f91419193e1255fb3ac1ee15ea435cf1a8f6d787d0eecf1763dd-809212187/dist/index.js
YARA rule match: -postinstall_crypto_operations
/tmp/extract-6612330d42a5f91419193e1255fb3ac1ee15ea435cf1a8f6d787d0eecf1763dd-809212187/dist/index.js
All Findings (113)
View all 113 security findings
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-13801
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-13
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-13
YARA rule match: -credential_env_files
YARA rule match: -postinstall_crypto_operations
YARA rule match: -postinstall_obfuscation
YARA rule match: -postinstall_file_manipulation
YARA rule match: -postinstall_network_communication
YARA rule match: -postinstall_file_download
YARA rule match: -postinstall_registry_modification
YARA rule match: -postinstall_system_command
YARA rule match: -NoUseWeakRandom
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-14
YARA rule match: -postinstall_file_manipulation
YARA rule match: -postinstall_network_communication
YARA rule match: -postinstall_system_command
Network call of type 'socket_io' detected.
MCP tool poisoning risk: NETWORK-ACCESS-dist/index.js-13832
Network call of type 'fetch' detected.
XIOC detected IP: ::
XIOC detected Domain: issue2.errors.map
XIOC detected URL: http://json-schema.org/draft-04/schema#
XIOC detected URL: https://json-schema.org/draft/2020-12/schema
XIOC detected URL: http://json-schema.org/draft-07/schema#
XIOC detected URL: http://json-schema.org/draft-04/schema#
XIOC detected URL: https://auth.messengerflow.com/realms/messengerflow
XIOC detected URL: https://img.shields.io/npm/v/@messengerflow/mcp-server)](https://www.npmjs.com/package/@messengerflow/mcp-server)
XIOC detected URL: https://messengerflow.com)
XIOC detected URL: https://mcp.messengerflow.com/mcp
XIOC detected URL: https://app.messengerflow.com/api/v1
XIOC detected URL: https://app.messengerflow.com)
XIOC detected URL: https://app.messengerflow.com/api/v1
XIOC detected URL: http://[$
XIOC detected Domain: numberschema.gt
XIOC detected Domain: numberschema.lt
XIOC detected Domain: schema.properties
XIOC detected Domain: prefixitems.map
XIOC detected Domain: items.map
XIOC detected Domain: schema.anyof.map
XIOC detected Domain: schema.oneof.map
XIOC detected Domain: inst.rest
XIOC detected Domain: inst.in
XIOC detected URL: https://json-schema.org/draft/2020-12/schema
XIOC detected URL: http://json-schema.org/draft-07/schema#
XIOC detected Domain: type.map
XIOC detected Domain: z.email
XIOC detected Domain: z.iso.date
XIOC detected Domain: checks.map
XIOC detected Domain: inst.email
XIOC detected Domain: inst.date
XIOC detected Domain: inst.gt
XIOC detected Domain: inst.lt
XIOC detected Domain: inst.int
XIOC detected Domain: inst.safe
XIOC detected Domain: mime.map
XIOC detected Domain: json2.properties
XIOC detected Domain: def.items.map
XIOC detected Domain: ctx2.target
XIOC detected Domain: this.ctx.target
XIOC detected Domain: this.ctx.io
XIOC detected Domain: params.io
XIOC detected Domain: params.case
XIOC detected Domain: truthyarray.map
XIOC detected Domain: falsyarray.map
XIOC detected Domain: ctx.io
XIOC detected Domain: ctx.target
XIOC detected Domain: schema.id
XIOC detected Domain: regexes.map
XIOC detected Domain: def.in
XIOC detected Domain: def.parts
XIOC detected Domain: sizing.unit.one
XIOC detected Domain: issue2.values.map
XIOC detected Domain: meta3.id
XIOC detected Domain: pm.id
XIOC detected Domain: values.map
XIOC detected Domain: merged.data
XIOC detected Domain: def.rest
XIOC detected Domain: keyresult.issues.map
XIOC detected Domain: valueresult.issues.map
XIOC detected Domain: def.values.map
XIOC detected Domain: inst.constructor.name
XIOC detected Domain: result2.issues.map
XIOC detected Domain: content.map
XIOC detected Domain: r.data
XIOC detected Domain: catchall.run
XIOC detected Domain: results.map
XIOC detected Domain: def.options.map
XIOC detected Domain: patterns.map
XIOC detected Domain: sharedvalue.data
XIOC detected Domain: enumvalues.map
XIOC detected Domain: curr.properties
XIOC detected Domain: path.map
XIOC detected Domain: zod.run
XIOC detected Domain: result.issues.map
XIOC detected Domain: def.property
XIOC detected Domain: lines.map
XIOC detected Domain: this.name
XIOC detected Domain: array2.map
XIOC detected Domain: keys.map
XIOC detected Domain: object.prototype.hasownproperty.call
XIOC detected Domain: issues.map
XIOC detected Domain: obj.constructor.name
XIOC detected Domain: inst.name
XIOC detected Domain: img.shields.io
XIOC detected Domain: mcp.messengerflow.com
XIOC detected Domain: app.messengerflow.com
XIOC detected Domain: www.npmjs.com
XIOC detected Domain: messengerflow.com
XIOC detected Domain: json-schema.org
XIOC detected Domain: auth.messengerflow.com
XIOC detected Domain: cls.name
HASH-d2292eafdd1cf150
HASH-b647f4950dac0885
Recommended Action
This extension has significant security concerns that warrant careful review. Consider uninstalling or finding a safer alternative. If you must use it, limit the permissions and monitor for suspicious activity.