{"advisories":[{"id":"AGENTSCORE-2026-0041","package":"safari-mcp","old_version":"2.10.10","new_version":"2.11.0","old_score":70,"new_score":65,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.cjs || true","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"file":"package/scripts/postinstall.cjs","type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:path.join, sanitizer:codesign)","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":["path.join","codesign"],"mitigation_categories":["sanitizer"],"severity_downgraded_from":"high"},{"file":"package/extension/background.js","type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: achiya","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"safari-mcp updated from 2.10.10 to 2.11.0. Score changed 70/100 to 65/100 (-5). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-05-18T06:30:23.233+00:00","published_at":"2026-05-18T06:30:23.286774+00:00"},{"id":"AGENTSCORE-2026-0040","package":"aiwg","old_version":"2026.5.7","new_version":"2026.5.8","old_score":95,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"file":"package/dist/src/config/cli.js","type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"aiwg updated from 2026.5.7 to 2026.5.8. Score changed 95/100 to 80/100 (-15). Risk: LOW to MODERATE. 1 finding.","detected_at":"2026-05-18T05:24:11.014+00:00","published_at":"2026-05-18T05:24:11.068931+00:00"},{"id":"AGENTSCORE-2026-0039","package":"openchrome-mcp","old_version":"1.10.4","new_version":"1.12.2","old_score":75,"new_score":55,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: shaun0927","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"openchrome-mcp updated from 1.10.4 to 1.12.2. Score changed 75/100 to 55/100 (-20). Risk: MODERATE to ELEVATED. 3 findings.","detected_at":"2026-05-16T00:00:36.824+00:00","published_at":"2026-05-16T00:00:37.074815+00:00"},{"id":"AGENTSCORE-2026-0038","package":"@unerr-ai/unerr","old_version":"0.1.0","new_version":"0.1.1","old_score":55,"new_score":50,"old_risk":"ELEVATED","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.mjs || true","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 45 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: jaswanth-unerr","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@unerr-ai/unerr updated from 0.1.0 to 0.1.1. Score changed 55/100 to 50/100 (-5). Risk: ELEVATED to ELEVATED. 5 findings.","detected_at":"2026-05-15T07:04:15.976+00:00","published_at":"2026-05-15T07:04:16.097148+00:00"},{"id":"AGENTSCORE-2026-0037","package":"@planu/cli","old_version":"3.8.0","new_version":"3.9.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 3.8.0 to 3.9.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-05-15T03:20:18.858+00:00","published_at":"2026-05-15T03:20:19.085451+00:00"},{"id":"AGENTSCORE-2026-0036","package":"novada-proxy-mcp","old_version":"1.8.2","new_version":"1.8.3","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: tw260","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"novada-proxy-mcp updated from 1.8.2 to 1.8.3. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-15T00:40:16.795+00:00","published_at":"2026-05-15T00:40:16.865289+00:00"},{"id":"AGENTSCORE-2026-0035","package":"safari-mcp","old_version":"2.10.8","new_version":"2.10.9","old_score":70,"new_score":50,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.cjs || true","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: achiya","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"safari-mcp updated from 2.10.8 to 2.10.9. Score changed 70/100 to 50/100 (-20). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-05-14T20:14:10.317+00:00","published_at":"2026-05-14T20:14:10.380175+00:00"},{"id":"AGENTSCORE-2026-0034","package":"@vibebrowser/mcp","old_version":"0.2.7","new_version":"0.2.8","old_score":100,"new_score":95,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vibetechnologies","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@vibebrowser/mcp updated from 0.2.7 to 0.2.8. Score changed 100/100 to 95/100 (-5). Risk: LOW to LOW. 1 finding.","detected_at":"2026-05-14T08:14:08.26+00:00","published_at":"2026-05-14T08:14:08.310444+00:00"},{"id":"AGENTSCORE-2026-0033","package":"mcpbrowser","old_version":"0.3.52","new_version":"0.3.53","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: cherven","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"mcpbrowser updated from 0.3.52 to 0.3.53. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-13T22:48:08.506+00:00","published_at":"2026-05-13T22:48:08.563352+00:00"},{"id":"AGENTSCORE-2026-0032","package":"ninja-terminals","old_version":"2.3.1","new_version":"2.3.2","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: dmos82","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"ninja-terminals updated from 2.3.1 to 2.3.2. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-13T22:10:17.308+00:00","published_at":"2026-05-13T22:10:17.361352+00:00"},{"id":"AGENTSCORE-2026-0031","package":"@mcp-guardian/server","old_version":"2.3.12","new_version":"2.3.14","old_score":85,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"excessive_dependencies","detail":"Package has 27 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: test_fixture:/prompt-injection-detector.js)","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":["/prompt-injection-detector.js"],"mitigation_categories":["test_fixture"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: rudraneel93","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@mcp-guardian/server updated from 2.3.12 to 2.3.14. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 3 findings.","detected_at":"2026-05-13T16:08:13.024+00:00","published_at":"2026-05-13T16:08:13.082508+00:00"},{"id":"AGENTSCORE-2026-0030","package":"browser-devtools-mcp","old_version":"0.6.13","new_version":"0.7.0","old_score":75,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node postinstall.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 26 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: serkan-ozal","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"browser-devtools-mcp updated from 0.6.13 to 0.7.0. Score changed 75/100 to 60/100 (-15). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-05-11T09:04:12.152+00:00","published_at":"2026-05-11T09:04:12.223845+00:00"},{"id":"AGENTSCORE-2026-0029","package":"cursor-memory","old_version":"1.0.3","new_version":"1.0.4","old_score":85,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"install_script","detail":"Package has 'preinstall' script: node scripts/preinstall.cjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:.exec(\"CREATE, sanitizer:db.exec()","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":[".exec(\"CREATE","db.exec("],"mitigation_categories":["sanitizer"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: tranhuucanh39","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"cursor-memory updated from 1.0.3 to 1.0.4. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 4 findings.","detected_at":"2026-05-08T07:00:29.933+00:00","published_at":"2026-05-08T07:00:30.016018+00:00"},{"id":"AGENTSCORE-2026-0028","package":"@moneyforward_i/admina-mcp-server","old_version":"1.0.3","new_version":"1.0.5","old_score":95,"new_score":90,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_license","detail":"Package has no licence specified","severity":"low","recommendation":"Unlicensed code has unclear usage rights"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: priyanshbalyan","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@moneyforward_i/admina-mcp-server updated from 1.0.3 to 1.0.5. Score changed 95/100 to 90/100 (-5). Risk: LOW to LOW. 2 findings.","detected_at":"2026-05-08T05:44:09.159+00:00","published_at":"2026-05-08T05:44:09.214961+00:00"},{"id":"AGENTSCORE-2026-0027","package":"@voybio/ace-swarm","old_version":"2.4.0","new_version":"2.4.1","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vedatonuryilmaz","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@voybio/ace-swarm updated from 2.4.0 to 2.4.1. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-07T22:24:09.592+00:00","published_at":"2026-05-07T22:24:09.647915+00:00"},{"id":"AGENTSCORE-2026-0026","package":"codeslick-cli","old_version":"1.5.12","new_version":"1.6.0","old_score":85,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node postinstall.js","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:sanitize, sanitizer:execFile)","severity":"low","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives","mitigators_detected":["sanitize","execFile","spawn('process-payment', [","test("],"mitigation_categories":["sanitizer","test_fixture"],"severity_downgraded_from":"high"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input (downgraded — mitigators detected in scope: sanitizer:execFile)","severity":"low","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead.","mitigators_detected":["execFile"],"mitigation_categories":["sanitizer"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vitorlourenco","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"codeslick-cli updated from 1.5.12 to 1.6.0. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 4 findings.","detected_at":"2026-05-06T13:40:16.807+00:00","published_at":"2026-05-06T13:40:16.879943+00:00"},{"id":"AGENTSCORE-2026-0025","package":"prism-mcp-server","old_version":"13.0.1","new_version":"13.1.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"excessive_dependencies","detail":"Package has 23 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: dmitricostenco","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"prism-mcp-server updated from 13.0.1 to 13.1.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings. (Backfilled May 6 after monitor-cron-only detection.)","detected_at":"2026-05-05T14:10:18+00:00","published_at":"2026-05-06T08:03:17.794434+00:00"},{"id":"AGENTSCORE-2026-0024","package":"@planu/cli","old_version":"3.2.0","new_version":"3.2.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 3.2.0 to 3.2.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-05-05T15:02:11.645+00:00","published_at":"2026-05-05T15:02:11.908446+00:00"},{"id":"AGENTSCORE-2026-0023","package":"@planu/cli","old_version":"3.1.3","new_version":"3.1.4","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 3.1.3 to 3.1.4. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-05-04T21:28:12.563+00:00","published_at":"2026-05-04T21:28:12.663965+00:00"},{"id":"AGENTSCORE-2026-0022","package":"entroly-wasm","old_version":"0.11.0","new_version":"0.12.0","old_score":95,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_license","detail":"Package has no licence specified","severity":"low","recommendation":"Unlicensed code has unclear usage rights"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: adalako","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"entroly-wasm updated from 0.11.0 to 0.12.0. Score changed 95/100 to 80/100 (-15). Risk: LOW to MODERATE. 3 findings.","detected_at":"2026-05-04T08:20:14.942+00:00","published_at":"2026-05-04T08:20:15.016654+00:00"},{"id":"AGENTSCORE-2026-0021","package":"javaperf","old_version":"1.2.2","new_version":"1.3.0","old_score":95,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"javaperf updated from 1.2.2 to 1.3.0. Score changed 95/100 to 80/100 (-15). Risk: LOW to MODERATE. 1 finding.","detected_at":"2026-05-02T19:28:09.049+00:00","published_at":"2026-05-02T19:28:09.318243+00:00"},{"id":"AGENTSCORE-2026-0020","package":"@staticn0va/wigolo","old_version":"0.6.6","new_version":"1.0.0","old_score":80,"new_score":70,"old_risk":"MODERATE","new_risk":"MODERATE","findings":[{"type":"excessive_dependencies","detail":"Package has 26 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@staticn0va/wigolo updated from 0.6.6 to 1.0.0. Score changed 80/100 to 70/100 (-10). Risk: MODERATE to MODERATE. 2 findings.","detected_at":"2026-05-01T13:28:21.106+00:00","published_at":"2026-05-01T13:28:21.192365+00:00"},{"id":"AGENTSCORE-2026-0019","package":"@cg3/prior-mcp","old_version":"0.6.4","new_version":"0.7.0","old_score":100,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: cg3llc","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@cg3/prior-mcp updated from 0.6.4 to 0.7.0. Score changed 100/100 to 75/100 (-25). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-05-01T00:48:35.167+00:00","published_at":"2026-05-01T00:48:35.441444+00:00"},{"id":"AGENTSCORE-2026-0018","package":"@planu/cli","old_version":"2.12.0","new_version":"2.12.1","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 2.12.0 to 2.12.1. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-30T22:18:10.001+00:00","published_at":"2026-04-30T22:18:10.278135+00:00"},{"id":"AGENTSCORE-2026-0017","package":"prism-mcp-server","old_version":"11.6.0","new_version":"12.5.0","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"excessive_dependencies","detail":"Package has 23 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: dmitricostenco","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"prism-mcp-server updated from 11.6.0 to 12.5.0. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-28T11:44:14.613+00:00","published_at":"2026-04-28T11:44:14.911597+00:00"},{"id":"AGENTSCORE-2026-0016","package":"@jtalk22/slack-mcp","old_version":"4.1.2","new_version":"4.2.0","old_score":90,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@jtalk22/slack-mcp updated from 4.1.2 to 4.2.0. Score changed 90/100 to 80/100 (-10). Risk: LOW to MODERATE. 1 finding.","detected_at":"2026-04-26T15:46:08.758+00:00","published_at":"2026-04-26T15:46:09.005472+00:00"},{"id":"AGENTSCORE-2026-0015","package":"sverklo","old_version":"0.12.5","new_version":"0.16.0","old_score":80,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input","severity":"high","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead."}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"sverklo updated from 0.12.5 to 0.16.0. Score changed 80/100 to 60/100 (-20). Risk: MODERATE to ELEVATED. 2 findings.","detected_at":"2026-04-25T19:56:12.587+00:00","published_at":"2026-04-25T19:56:12.67491+00:00"},{"id":"AGENTSCORE-2026-0014","package":"aidex-mcp","old_version":"1.17.1","new_version":"1.18.0","old_score":70,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node scripts/postinstall.mjs","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 21 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: uchalas","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"aidex-mcp updated from 1.17.1 to 1.18.0. Score changed 70/100 to 60/100 (-10). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-04-25T15:04:13.212+00:00","published_at":"2026-04-25T15:04:13.359604+00:00"},{"id":"AGENTSCORE-2026-0013","package":"vaultpilot-mcp","old_version":"0.7.0","new_version":"0.8.0","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: patch-package","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 21 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"vaultpilot-mcp updated from 0.7.0 to 0.8.0. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-04-25T14:32:10.586+00:00","published_at":"2026-04-25T14:32:10.696297+00:00"},{"id":"AGENTSCORE-2026-0012","package":"fa-mcp-sdk","old_version":null,"new_version":"0.4.71","old_score":null,"new_score":30,"old_risk":null,"new_risk":"HIGH","findings":[{"type":"hardcoded_secret","detail":"OpenAI/LiteLLM API key in package/config/local.yaml","severity":"critical","recommendation":"Do not install. Rotate the key."},{"type":"hardcoded_secret","detail":"Active Directory service-account password in package/config/local.yaml (two production domains)","severity":"critical","recommendation":"Do not install. Rotate the credential."},{"type":"hardcoded_secret","detail":"Consul ACL tokens for dev and prod in package/config/local.yaml","severity":"critical","recommendation":"Do not install. Rotate the tokens."},{"type":"hardcoded_secret","detail":"Postgres superuser password in package/config/local.yaml","severity":"critical","recommendation":"Do not install. Rotate the password."},{"type":"hardcoded_secret","detail":"JWT encryption key in package/config/local.yaml","severity":"high","recommendation":"Do not install. Rotate the key."}],"affected_servers":[],"verdict":"block","severity":"critical","summary":"Production credentials embedded in published npm tarball at package/config/local.yaml. Affected versions: 0.4.57 through 0.4.71 inclusive (latest at time of advisory). Six versions republished after private disclosure with the same file intact. The published file contains an OpenAI/LiteLLM API key, Active Directory service-account credentials for two production domains, Consul ACL tokens for dev and prod environments, a Postgres superuser password, and a JWT encryption key. Anyone running npm install fa-mcp-sdk or npx -y fa-mcp-sdk receives these values. The package is distributed as an MCP SDK, meaning agent-framework tooling typically pulls it without manual review. AgentScore disclosed privately to the maintainer on April 19, 20, and 22, 2026, and escalated to security@npmjs.com on April 22 after five new versions shipped without addressing the issue. Maintainer published a sanitized template at package/config/_local.yaml but never removed the original local.yaml. Recommendation: do not install. Rotate any credentials matching the maintainer organization that may have been pulled. CWE-798 (use of hard-coded credentials), CWE-540 (inclusion of sensitive information in source code).\n\nReferences:\n- Public disclosure on Dev.to: https://dev.to/michael_onyekwere/continuous-monitoring-caught-a-credential-leak-in-a-published-mcp-package-six-republishes-later-3app\n- Public class-level GitHub issue: https://github.com/Bazilio-san/fa-mcp-sdk/issues/3\n- Scan report: https://agentscores.xyz/report/fa-mcp-sdk\n- Disclosure timeline (this advisory): https://agentscores.xyz/security/advisories","detected_at":"2026-04-19T10:00:00+00:00","published_at":"2026-04-25T06:27:40.694+00:00"},{"id":"AGENTSCORE-2026-0011","package":"semiotic","old_version":"3.4.0","new_version":"3.4.1","old_score":100,"new_score":90,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"excessive_dependencies","detail":"Package has 21 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"semiotic updated from 3.4.0 to 3.4.1. Score changed 100/100 to 90/100 (-10). Risk: LOW to LOW. 1 finding.","detected_at":"2026-04-23T15:38:11.355+00:00","published_at":"2026-04-23T15:38:11.42137+00:00"},{"id":"AGENTSCORE-2026-0010","package":"memorix","old_version":"1.0.7","new_version":"1.0.8","old_score":90,"new_score":80,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"excessive_dependencies","detail":"Package has 22 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"unsafe_eval","detail":"Uses eval() with dynamic input (downgraded — mitigators detected in scope: test_fixture:test()","severity":"low","recommendation":"Avoid eval with variables. Use JSON.parse or structured dispatch instead.","mitigators_detected":["test("],"mitigation_categories":["test_fixture"],"severity_downgraded_from":"high"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: avids2","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"memorix updated from 1.0.7 to 1.0.8. Score changed 90/100 to 80/100 (-10). Risk: LOW to MODERATE. 3 findings.","detected_at":"2026-04-23T15:04:13.321+00:00","published_at":"2026-04-23T15:04:13.451895+00:00"},{"id":"AGENTSCORE-2026-0009","package":"openchrome-mcp","old_version":"1.10.0","new_version":"1.10.1","old_score":95,"new_score":75,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: shaun0927","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"openchrome-mcp updated from 1.10.0 to 1.10.1. Score changed 95/100 to 75/100 (-20). Risk: LOW to MODERATE. 2 findings.","detected_at":"2026-04-23T01:38:09.97+00:00","published_at":"2026-04-23T01:38:10.041972+00:00"},{"id":"AGENTSCORE-2026-0008","package":"idea-manager","old_version":"2.4.5","new_version":"2.5.2","old_score":80,"new_score":60,"old_risk":"MODERATE","new_risk":"ELEVATED","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node bin/postinstall.js","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"excessive_dependencies","detail":"Package has 26 runtime dependencies (high attack surface)","severity":"medium","recommendation":"Prefer packages with fewer dependencies"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: navskh","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"idea-manager updated from 2.4.5 to 2.5.2. Score changed 80/100 to 60/100 (-20). Risk: MODERATE to ELEVATED. 4 findings.","detected_at":"2026-04-22T05:24:12.417+00:00","published_at":"2026-04-22T05:24:12.489471+00:00"},{"id":"AGENTSCORE-2026-0007","package":"@planu/cli","old_version":"1.83.0","new_version":"1.84.0","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 1.83.0 to 1.84.0. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-22T04:16:10.453+00:00","published_at":"2026-04-22T04:16:10.534747+00:00"},{"id":"AGENTSCORE-2026-0006","package":"vexp-cli","old_version":"2.0.11","new_version":"2.0.12","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: vexp","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"vexp-cli updated from 2.0.11 to 2.0.12. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-18T19:36:08.201+00:00","published_at":"2026-04-18T19:36:08.267218+00:00"},{"id":"AGENTSCORE-2026-0005","package":"@planu/cli","old_version":"1.68.0","new_version":"1.69.0","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: planudev","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"@planu/cli updated from 1.68.0 to 1.69.0. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-17T19:42:10.031+00:00","published_at":"2026-04-17T19:42:10.301235+00:00"},{"id":"AGENTSCORE-2026-0004","package":"@opentabs-dev/mcp-server","old_version":"0.0.94","new_version":"0.0.95","old_score":85,"new_score":65,"old_risk":"LOW","new_risk":"ELEVATED","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: opentabs-dev-admin","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":["@opentabs-dev/cli"],"verdict":"warn","severity":"high","summary":"@opentabs-dev/mcp-server updated from 0.0.94 to 0.0.95. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.","detected_at":"2026-04-13T14:04:09.176+00:00","published_at":"2026-04-13T14:04:09.281636+00:00"},{"id":"AGENTSCORE-2026-0003","package":"local-mcp","old_version":"3.0.49","new_version":"3.0.50","old_score":90,"new_score":70,"old_risk":"LOW","new_risk":"MODERATE","findings":[{"type":"install_script","detail":"Package has 'postinstall' script: node postinstall.js","severity":"low","recommendation":"Install script detected but contains no obvious network calls"},{"type":"command_injection","detail":"Potential command injection: shell execution with template literal input","severity":"high","recommendation":"Sanitise all inputs to shell commands or use parameterised alternatives"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: lanchuske","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"warn","severity":"high","summary":"local-mcp updated from 3.0.49 to 3.0.50. Score changed 90/100 to 70/100 (-20). Risk: LOW to MODERATE. 3 findings.","detected_at":"2026-04-11T17:42:08.145+00:00","published_at":"2026-04-11T17:42:08.408468+00:00"},{"id":"AGENTSCORE-2026-0002","package":"agent-recall-mcp","old_version":"3.3.3","new_version":"3.3.4","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: tw260","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"agent-recall-mcp updated from 3.3.3 to 3.3.4. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-04-10T08:38:08.148+00:00","published_at":"2026-04-10T08:38:08.213009+00:00"},{"id":"AGENTSCORE-2026-0001","package":"@agenttrust/mcp-server","old_version":"1.1.1","new_version":"1.2.0","old_score":95,"new_score":85,"old_risk":"LOW","new_risk":"LOW","findings":[{"type":"no_repository","detail":"Package has no repository link — source code is not verifiable","severity":"medium","recommendation":"Prefer packages with public source repositories"},{"type":"no_provenance","detail":"Package is not published with provenance attestations or trusted publishing. Published by: agenttrust","severity":"low","recommendation":"Enable npm provenance via GitHub Actions to provide a verifiable build-to-publish chain"}],"affected_servers":[],"verdict":"allow","severity":"low","summary":"@agenttrust/mcp-server updated from 1.1.1 to 1.2.0. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.","detected_at":"2026-04-09T21:28:10.265+00:00","published_at":"2026-04-09T21:28:10.349909+00:00"}],"total":41,"feed_url":"https://agentscores.xyz/security/advisories/rss.xml"}