AGENTSCORE-2026-0003
MCP package: local-mcp
Published 4/11/2026 · 3.0.49 → 3.0.50
local-mcp updated from 3.0.49 to 3.0.50. Score changed 90/100 to 70/100 (-20). Risk: LOW to MODERATE. 3 findings.
90 → 70
Score
LOW → MODERATE
Risk
WARN
Verdict
Findings
- low install_script: Package has 'postinstall' script: node postinstall.js
- high command_injection: Potential command injection: shell execution with template literal input
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: lanchuske