{"advisories":[{"id":"AGENTSCORE-2026-0054","package":"@axon-trading/mcp","old_version":"1.13.5","new_version":"1.14.0","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: tytaninc7","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@axon-trading/mcp updated from 1.13.5 to 1.14.0. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-25T00:00:37.398+00:00","published_at":"2026-05-25T00:00:37.481338+00:00"},{"id":"AGENTSCORE-2026-0053","package":"chrome-devtools-mcp","old_version":"0.26.0","new_version":"1.0.1","old_score":80,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"file":"package/build/src/third_party/devtools-formatter-worker.js","type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"file":"package/build/src/third_party/index.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"chrome-devtools-mcp updated from 0.26.0 to 1.0.1. Score changed 80/100 to 60/100 (-20). Risk: MODERATE to ELEVATED. 2 findings.","detected_at":"2026-05-23T02:10:17.876+00:00","published_at":"2026-05-23T02:10:17.953609+00:00"},{"id":"AGENTSCORE-2026-0052","package":"hemmabo-mcp-server","old_version":"3.2.8","new_version":"3.2.11","old_score":100,"new_score":95,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: hemmabo","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"hemmabo-mcp-server updated from 3.2.8 to 3.2.11. Score changed 100/100 to 95/100 (-5). Risk: LOW to LOW. 1 finding.","detected_at":"2026-05-23T00:40:17.962+00:00","published_at":"2026-05-23T00:40:18.212442+00:00"},{"id":"AGENTSCORE-2026-0051","package":"@socialneuron/mcp-server","old_version":"1.7.10","new_version":"1.7.12","old_score":100,"new_score":95,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: socialneuronteam","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@socialneuron/mcp-server updated from 1.7.10 to 1.7.12. Score changed 100/100 to 95/100 (-5). Risk: LOW to LOW. 1 finding.","detected_at":"2026-05-22T21:24:09.911+00:00","published_at":"2026-05-22T21:24:09.982865+00:00"},{"id":"AGENTSCORE-2026-0050","package":"beluz-qa","old_version":"0.4.0","new_version":"0.5.0","old_score":95,"new_score":90,"old_risk":"LOW","new_risk":"LOW","findings":[{"file":"package/dist/cli/doctor.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:path.join)","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":["path.join"],"mitigation_categories":["sanitizer"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: luz.gutierrez","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"beluz-qa updated from 0.4.0 to 0.5.0. Score changed 95/100 to 90/100 (-5). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-22T20:06:09.981+00:00","published_at":"2026-05-22T20:06:10.224277+00:00"},{"id":"AGENTSCORE-2026-0049","package":"@diagrammo/dgmo-mcp","old_version":"0.1.20","new_version":"0.1.21","old_score":100,"new_score":95,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: demian0311","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@diagrammo/dgmo-mcp updated from 0.1.20 to 0.1.21. Score changed 100/100 to 95/100 (-5). Risk: LOW to LOW. 1 finding.","detected_at":"2026-05-21T02:18:09.564+00:00","published_at":"2026-05-21T02:18:09.61914+00:00"},{"id":"AGENTSCORE-2026-0048","package":"@mcp-guardian/server","old_version":"2.4.1","new_version":"2.9.0","old_score":85,"new_score":55,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall-windows.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 27 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"file":"package/dist/clients/pricing-client.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"file":"package/README.md","type":"unsafe_eval","detail":"Uses eval() with dynamic input (downgraded — mitigators detected in scope: test_fixture:.test.ts, documentation_context:```bash\n)","severity":"low","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead.","mitigators_detected":[".test.ts","```bash\n","### A"],"mitigation_categories":["test_fixture","documentation_context"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: rudraneel93","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@mcp-guardian/server updated from 2.4.1 to 2.9.0. Score changed 85/100 to 55/100 (-30). Risk: LOW to ELEVATED. 5 findings.","detected_at":"2026-05-20T19:00:37.152+00:00","published_at":"2026-05-20T19:00:37.226732+00:00"},{"id":"AGENTSCORE-2026-0047","package":"prism-mcp-server","old_version":"15.2.1","new_version":"15.4.0","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"excessive_dependencies","detail":"Package has 23 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"file":"package/dist/auth.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: dmitricostenco","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"prism-mcp-server updated from 15.2.1 to 15.4.0. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-05-20T06:30:27.807+00:00","published_at":"2026-05-20T06:30:27.883511+00:00"},{"id":"AGENTSCORE-2026-0046","package":"mneme-ai","old_version":"2.12.0","new_version":"2.19.75","old_score":90,"new_score":50,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node bin/postinstall-mneme-lite.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"install_script","detail":"Package has 'preinstall' script: node -e \"try{const fs=require('node:fs');const path=require('node:path');const os=require('node:os');const{spawnSync}=require('node:child_process');const crypto=require('node:crypto');const w=process.","severity":"high","recommendation":"Review the install script for network calls or code execution"},{"file":"package/dist/commands/setup-free.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: mneme_npm","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"mneme-ai updated from 2.12.0 to 2.19.75. Score changed 90/100 to 50/100 (-40). Risk: LOW to ELEVATED. 4 findings.","detected_at":"2026-05-19T14:10:19.148+00:00","published_at":"2026-05-19T14:10:19.231778+00:00"},{"id":"AGENTSCORE-2026-0045","package":"@antv/mcp-server-antv","old_version":"0.1.8","new_version":"0.2.8","old_score":100,"new_score":90,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"install_script","detail":"Package has 'preinstall' script: bun run index.js","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: atool","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@antv/mcp-server-antv updated from 0.1.8 to 0.2.8. Score changed 100/100 to 90/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-19T01:58:09.673+00:00","published_at":"2026-05-19T01:58:09.896031+00:00"},{"id":"AGENTSCORE-2026-0044","package":"beecork","old_version":"1.4.9","new_version":"1.7.0","old_score":75,"new_score":70,"old_risk":"MODERATE","new_risk":"MODERATE","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.mjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"file":"package/dist/cli/doctor.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: lbakhia","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"beecork updated from 1.4.9 to 1.7.0. Score changed 75/100 to 70/100 (-5). Risk: MODERATE to MODERATE. 3 findings.","detected_at":"2026-05-18T16:10:18.861+00:00","published_at":"2026-05-18T16:10:19.120573+00:00"},{"id":"AGENTSCORE-2026-0043","package":"@riskstate/mcp-server","old_version":"1.0.5","new_version":"1.0.6","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: likidodefi","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@riskstate/mcp-server updated from 1.0.5 to 1.0.6. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-18T12:18:09.262+00:00","published_at":"2026-05-18T12:18:09.319186+00:00"},{"id":"AGENTSCORE-2026-0042","package":"dendrite-wiki-mcp","old_version":"0.4.0-alpha.1","new_version":"0.4.0-alpha.2","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"excessive_dependencies","detail":"Package has 21 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: mfillalan","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"dendrite-wiki-mcp updated from 0.4.0-alpha.1 to 0.4.0-alpha.2. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-18T11:20:20.374+00:00","published_at":"2026-05-18T11:20:20.453567+00:00"},{"id":"AGENTSCORE-2026-0041","package":"safari-mcp","old_version":"2.10.10","new_version":"2.11.0","old_score":70,"new_score":65,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.cjs || true","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"file":"package/scripts/postinstall.cjs","type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:path.join, sanitizer:codesign)","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":["path.join","codesign"],"mitigation_categories":["sanitizer"],"severity_downgraded_from":"high"},{"file":"package/extension/background.js","type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: achiya","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"safari-mcp updated from 2.10.10 to 2.11.0. Score changed 70/100 to 65/100 (-5). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-05-18T06:30:23.233+00:00","published_at":"2026-05-18T06:30:23.286774+00:00"},{"id":"AGENTSCORE-2026-0040","package":"aiwg","old_version":"2026.5.7","new_version":"2026.5.8","old_score":95,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"file":"package/dist/src/config/cli.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"aiwg updated from 2026.5.7 to 2026.5.8. Score changed 95/100 to 80/100 (-15). Risk: LOW to MODERATE. 1 finding.","detected_at":"2026-05-18T05:24:11.014+00:00","published_at":"2026-05-18T05:24:11.068931+00:00"},{"id":"AGENTSCORE-2026-0039","package":"openchrome-mcp","old_version":"1.10.4","new_version":"1.12.2","old_score":75,"new_score":55,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: shaun0927","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"openchrome-mcp updated from 1.10.4 to 1.12.2. Score changed 75/100 to 55/100 (-20). Risk: MODERATE to ELEVATED. 3 findings.","detected_at":"2026-05-16T00:00:36.824+00:00","published_at":"2026-05-16T00:00:37.074815+00:00"},{"id":"AGENTSCORE-2026-0038","package":"@unerr-ai/unerr","old_version":"0.1.0","new_version":"0.1.1","old_score":55,"new_score":50,"old_risk":"ELEVATED","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.mjs || true","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 45 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: jaswanth-unerr","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@unerr-ai/unerr updated from 0.1.0 to 0.1.1. Score changed 55/100 to 50/100 (-5). Risk: ELEVATED to ELEVATED. 5 findings.","detected_at":"2026-05-15T07:04:15.976+00:00","published_at":"2026-05-15T07:04:16.097148+00:00"},{"id":"AGENTSCORE-2026-0037","package":"@planu/cli","old_version":"3.8.0","new_version":"3.9.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 3.8.0 to 3.9.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-05-15T03:20:18.858+00:00","published_at":"2026-05-15T03:20:19.085451+00:00"},{"id":"AGENTSCORE-2026-0036","package":"novada-proxy-mcp","old_version":"1.8.2","new_version":"1.8.3","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: tw260","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"novada-proxy-mcp updated from 1.8.2 to 1.8.3. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-15T00:40:16.795+00:00","published_at":"2026-05-15T00:40:16.865289+00:00"},{"id":"AGENTSCORE-2026-0035","package":"safari-mcp","old_version":"2.10.8","new_version":"2.10.9","old_score":70,"new_score":50,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.cjs || true","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: achiya","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"safari-mcp updated from 2.10.8 to 2.10.9. Score changed 70/100 to 50/100 (-20). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-05-14T20:14:10.317+00:00","published_at":"2026-05-14T20:14:10.380175+00:00"},{"id":"AGENTSCORE-2026-0034","package":"@vibebrowser/mcp","old_version":"0.2.7","new_version":"0.2.8","old_score":100,"new_score":95,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vibetechnologies","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@vibebrowser/mcp updated from 0.2.7 to 0.2.8. Score changed 100/100 to 95/100 (-5). Risk: LOW to LOW. 1 finding.","detected_at":"2026-05-14T08:14:08.26+00:00","published_at":"2026-05-14T08:14:08.310444+00:00"},{"id":"AGENTSCORE-2026-0033","package":"mcpbrowser","old_version":"0.3.52","new_version":"0.3.53","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: cherven","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"mcpbrowser updated from 0.3.52 to 0.3.53. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-13T22:48:08.506+00:00","published_at":"2026-05-13T22:48:08.563352+00:00"},{"id":"AGENTSCORE-2026-0032","package":"ninja-terminals","old_version":"2.3.1","new_version":"2.3.2","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: dmos82","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"ninja-terminals updated from 2.3.1 to 2.3.2. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-13T22:10:17.308+00:00","published_at":"2026-05-13T22:10:17.361352+00:00"},{"id":"AGENTSCORE-2026-0031","package":"@mcp-guardian/server","old_version":"2.3.12","new_version":"2.3.14","old_score":85,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"excessive_dependencies","detail":"Package has 27 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: test_fixture:/prompt-injection-detector.js)","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":["/prompt-injection-detector.js"],"mitigation_categories":["test_fixture"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: rudraneel93","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@mcp-guardian/server updated from 2.3.12 to 2.3.14. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 3 findings.","detected_at":"2026-05-13T16:08:13.024+00:00","published_at":"2026-05-13T16:08:13.082508+00:00"},{"id":"AGENTSCORE-2026-0030","package":"browser-devtools-mcp","old_version":"0.6.13","new_version":"0.7.0","old_score":75,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node postinstall.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 26 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: serkan-ozal","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"browser-devtools-mcp updated from 0.6.13 to 0.7.0. Score changed 75/100 to 60/100 (-15). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-05-11T09:04:12.152+00:00","published_at":"2026-05-11T09:04:12.223845+00:00"},{"id":"AGENTSCORE-2026-0029","package":"cursor-memory","old_version":"1.0.3","new_version":"1.0.4","old_score":85,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"install_script","detail":"Package has 'preinstall' script: node scripts/preinstall.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:.exec(\"CREATE, sanitizer:db.exec()","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":[".exec(\"CREATE","db.exec("],"mitigation_categories":["sanitizer"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: tranhuucanh39","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"cursor-memory updated from 1.0.3 to 1.0.4. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 4 findings.","detected_at":"2026-05-08T07:00:29.933+00:00","published_at":"2026-05-08T07:00:30.016018+00:00"},{"id":"AGENTSCORE-2026-0028","package":"@moneyforward_i/admina-mcp-server","old_version":"1.0.3","new_version":"1.0.5","old_score":95,"new_score":90,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_license","detail":"Package has no licence specified","severity":"low","recommendation":"Unlicensed code has unclear usage rights"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: priyanshbalyan","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@moneyforward_i/admina-mcp-server updated from 1.0.3 to 1.0.5. Score changed 95/100 to 90/100 (-5). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-08T05:44:09.159+00:00","published_at":"2026-05-08T05:44:09.214961+00:00"},{"id":"AGENTSCORE-2026-0027","package":"@voybio/ace-swarm","old_version":"2.4.0","new_version":"2.4.1","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vedatonuryilmaz","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@voybio/ace-swarm updated from 2.4.0 to 2.4.1. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-07T22:24:09.592+00:00","published_at":"2026-05-07T22:24:09.647915+00:00"},{"id":"AGENTSCORE-2026-0026","package":"codeslick-cli","old_version":"1.5.12","new_version":"1.6.0","old_score":85,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node postinstall.js","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:sanitize, sanitizer:execFile)","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":["sanitize","execFile","spawn('process-payment', [","test("],"mitigation_categories":["sanitizer","test_fixture"],"severity_downgraded_from":"high"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input (downgraded — mitigators detected in scope: sanitizer:execFile)","severity":"low","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead.","mitigators_detected":["execFile"],"mitigation_categories":["sanitizer"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vitorlourenco","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"codeslick-cli updated from 1.5.12 to 1.6.0. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 4 findings.","detected_at":"2026-05-06T13:40:16.807+00:00","published_at":"2026-05-06T13:40:16.879943+00:00"},{"id":"AGENTSCORE-2026-0025","package":"prism-mcp-server","old_version":"13.0.1","new_version":"13.1.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"excessive_dependencies","detail":"Package has 23 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: dmitricostenco","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"prism-mcp-server updated from 13.0.1 to 13.1.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings. (Backfilled May 6 after monitor-cron-only detection.)","detected_at":"2026-05-05T14:10:18+00:00","published_at":"2026-05-06T08:03:17.794434+00:00"},{"id":"AGENTSCORE-2026-0024","package":"@planu/cli","old_version":"3.2.0","new_version":"3.2.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 3.2.0 to 3.2.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-05-05T15:02:11.645+00:00","published_at":"2026-05-05T15:02:11.908446+00:00"},{"id":"AGENTSCORE-2026-0023","package":"@planu/cli","old_version":"3.1.3","new_version":"3.1.4","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 3.1.3 to 3.1.4. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-05-04T21:28:12.563+00:00","published_at":"2026-05-04T21:28:12.663965+00:00"},{"id":"AGENTSCORE-2026-0022","package":"entroly-wasm","old_version":"0.11.0","new_version":"0.12.0","old_score":95,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_license","detail":"Package has no licence specified","severity":"low","recommendation":"Unlicensed code has unclear usage rights"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: adalako","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"entroly-wasm updated from 0.11.0 to 0.12.0. Score changed 95/100 to 80/100 (-15). Risk: LOW to MODERATE. 3 findings.","detected_at":"2026-05-04T08:20:14.942+00:00","published_at":"2026-05-04T08:20:15.016654+00:00"},{"id":"AGENTSCORE-2026-0021","package":"javaperf","old_version":"1.2.2","new_version":"1.3.0","old_score":95,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"javaperf updated from 1.2.2 to 1.3.0. Score changed 95/100 to 80/100 (-15). Risk: LOW to MODERATE. 1 finding.","detected_at":"2026-05-02T19:28:09.049+00:00","published_at":"2026-05-02T19:28:09.318243+00:00"},{"id":"AGENTSCORE-2026-0020","package":"@staticn0va/wigolo","old_version":"0.6.6","new_version":"1.0.0","old_score":80,"new_score":70,"old_risk":"MODERATE","new_risk":"MODERATE","findings":[{"type":"excessive_dependencies","detail":"Package has 26 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@staticn0va/wigolo updated from 0.6.6 to 1.0.0. Score changed 80/100 to 70/100 (-10). Risk: MODERATE to MODERATE. 2 findings.","detected_at":"2026-05-01T13:28:21.106+00:00","published_at":"2026-05-01T13:28:21.192365+00:00"},{"id":"AGENTSCORE-2026-0019","package":"@cg3/prior-mcp","old_version":"0.6.4","new_version":"0.7.0","old_score":100,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: cg3llc","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@cg3/prior-mcp updated from 0.6.4 to 0.7.0. Score changed 100/100 to 75/100 (-25). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-01T00:48:35.167+00:00","published_at":"2026-05-01T00:48:35.441444+00:00"},{"id":"AGENTSCORE-2026-0018","package":"@planu/cli","old_version":"2.12.0","new_version":"2.12.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 2.12.0 to 2.12.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-30T22:18:10.001+00:00","published_at":"2026-04-30T22:18:10.278135+00:00"},{"id":"AGENTSCORE-2026-0017","package":"prism-mcp-server","old_version":"11.6.0","new_version":"12.5.0","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"excessive_dependencies","detail":"Package has 23 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: dmitricostenco","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"prism-mcp-server updated from 11.6.0 to 12.5.0. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-28T11:44:14.613+00:00","published_at":"2026-04-28T11:44:14.911597+00:00"},{"id":"AGENTSCORE-2026-0016","package":"@jtalk22/slack-mcp","old_version":"4.1.2","new_version":"4.2.0","old_score":90,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@jtalk22/slack-mcp updated from 4.1.2 to 4.2.0. Score changed 90/100 to 80/100 (-10). Risk: LOW to MODERATE. 1 finding.","detected_at":"2026-04-26T15:46:08.758+00:00","published_at":"2026-04-26T15:46:09.005472+00:00"},{"id":"AGENTSCORE-2026-0015","package":"sverklo","old_version":"0.12.5","new_version":"0.16.0","old_score":80,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"sverklo updated from 0.12.5 to 0.16.0. Score changed 80/100 to 60/100 (-20). Risk: MODERATE to ELEVATED. 2 findings.","detected_at":"2026-04-25T19:56:12.587+00:00","published_at":"2026-04-25T19:56:12.67491+00:00"},{"id":"AGENTSCORE-2026-0014","package":"aidex-mcp","old_version":"1.17.1","new_version":"1.18.0","old_score":70,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.mjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 21 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: uchalas","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"aidex-mcp updated from 1.17.1 to 1.18.0. Score changed 70/100 to 60/100 (-10). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-04-25T15:04:13.212+00:00","published_at":"2026-04-25T15:04:13.359604+00:00"},{"id":"AGENTSCORE-2026-0013","package":"vaultpilot-mcp","old_version":"0.7.0","new_version":"0.8.0","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: patch-package","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 21 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"vaultpilot-mcp updated from 0.7.0 to 0.8.0. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-04-25T14:32:10.586+00:00","published_at":"2026-04-25T14:32:10.696297+00:00"},{"id":"AGENTSCORE-2026-0012","package":"fa-mcp-sdk","old_version":null,"new_version":"0.4.71","old_score":null,"new_score":30,"old_risk":null,"new_risk":"HIGH","findings":[{"type":"hardcoded_secret","detail":"OpenAI/LiteLLM API key in package/config/local.yaml","severity":"critical","recommendation":"Do not install. Rotate the key."},{"type":"hardcoded_secret","detail":"Active Directory service-account password in package/config/local.yaml (two production domains)","severity":"critical","recommendation":"Do not install. Rotate the credential."},{"type":"hardcoded_secret","detail":"Consul ACL tokens for dev and prod in package/config/local.yaml","severity":"critical","recommendation":"Do not install. Rotate the tokens."},{"type":"hardcoded_secret","detail":"Postgres superuser password in package/config/local.yaml","severity":"critical","recommendation":"Do not install. Rotate the password."},{"type":"hardcoded_secret","detail":"JWT encryption key in package/config/local.yaml","severity":"high","recommendation":"Do not install. Rotate the key."}],"affected_servers":[],"verdict":"block","severity":"critical","summary":"Production credentials embedded in published npm tarball at package/config/local.yaml. Affected versions: 0.4.57 through 0.4.71 inclusive (latest at time of advisory). Six versions republished after private disclosure with the same file intact. The published file contains an OpenAI/LiteLLM API key, Active Directory service-account credentials for two production domains, Consul ACL tokens for dev and prod environments, a Postgres superuser password, and a JWT encryption key. Anyone running npm install fa-mcp-sdk or npx -y fa-mcp-sdk receives these values. The package is distributed as an MCP SDK, meaning agent-framework tooling typically pulls it without manual review. AgentScore disclosed privately to the maintainer on April 19, 20, and 22, 2026, and escalated to security@npmjs.com on April 22 after five new versions shipped without addressing the issue. Maintainer published a sanitized template at package/config/_local.yaml but never removed the original local.yaml. Recommendation: do not install. Rotate any credentials matching the maintainer organization that may have been pulled. CWE-798 (use of hard-coded credentials), CWE-540 (inclusion of sensitive information in source code).\n\nReferences:\n- Public disclosure on Dev.to: https://dev.to/michael_onyekwere/continuous-monitoring-caught-a-credential-leak-in-a-published-mcp-package-six-republishes-later-3app\n- Public class-level GitHub issue: https://github.com/Bazilio-san/fa-mcp-sdk/issues/3\n- Scan report: https://agentscores.xyz/report/fa-mcp-sdk\n- Disclosure timeline (this advisory): https://agentscores.xyz/security/advisories","detected_at":"2026-04-19T10:00:00+00:00","published_at":"2026-04-25T06:27:40.694+00:00"},{"id":"AGENTSCORE-2026-0011","package":"semiotic","old_version":"3.4.0","new_version":"3.4.1","old_score":100,"new_score":90,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"excessive_dependencies","detail":"Package has 21 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"semiotic updated from 3.4.0 to 3.4.1. Score changed 100/100 to 90/100 (-10). Risk: LOW to LOW. 1 finding.","detected_at":"2026-04-23T15:38:11.355+00:00","published_at":"2026-04-23T15:38:11.42137+00:00"},{"id":"AGENTSCORE-2026-0010","package":"memorix","old_version":"1.0.7","new_version":"1.0.8","old_score":90,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"excessive_dependencies","detail":"Package has 22 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input (downgraded — mitigators detected in scope: test_fixture:test()","severity":"low","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead.","mitigators_detected":["test("],"mitigation_categories":["test_fixture"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: avids2","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"memorix updated from 1.0.7 to 1.0.8. Score changed 90/100 to 80/100 (-10). Risk: LOW to MODERATE. 3 findings.","detected_at":"2026-04-23T15:04:13.321+00:00","published_at":"2026-04-23T15:04:13.451895+00:00"},{"id":"AGENTSCORE-2026-0009","package":"openchrome-mcp","old_version":"1.10.0","new_version":"1.10.1","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: shaun0927","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"openchrome-mcp updated from 1.10.0 to 1.10.1. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-04-23T01:38:09.97+00:00","published_at":"2026-04-23T01:38:10.041972+00:00"},{"id":"AGENTSCORE-2026-0008","package":"idea-manager","old_version":"2.4.5","new_version":"2.5.2","old_score":80,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node bin/postinstall.js","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 26 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: navskh","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"idea-manager updated from 2.4.5 to 2.5.2. Score changed 80/100 to 60/100 (-20). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-04-22T05:24:12.417+00:00","published_at":"2026-04-22T05:24:12.489471+00:00"},{"id":"AGENTSCORE-2026-0007","package":"@planu/cli","old_version":"1.83.0","new_version":"1.84.0","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 1.83.0 to 1.84.0. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-22T04:16:10.453+00:00","published_at":"2026-04-22T04:16:10.534747+00:00"},{"id":"AGENTSCORE-2026-0006","package":"vexp-cli","old_version":"2.0.11","new_version":"2.0.12","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vexp","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"vexp-cli updated from 2.0.11 to 2.0.12. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-18T19:36:08.201+00:00","published_at":"2026-04-18T19:36:08.267218+00:00"},{"id":"AGENTSCORE-2026-0005","package":"@planu/cli","old_version":"1.68.0","new_version":"1.69.0","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 1.68.0 to 1.69.0. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-17T19:42:10.031+00:00","published_at":"2026-04-17T19:42:10.301235+00:00"}],"total":50,"feed_url":"https://agentscores.xyz/security/advisories/rss.xml"}