AGENTSCORE-2026-0026
MCP package: codeslick-cli
Published 5/6/2026 · 1.5.12 → 1.6.0
codeslick-cli updated from 1.5.12 to 1.6.0. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 4 findings.
85 → 80
Score
LOW → MODERATE
Risk
ALLOW
Verdict
Findings
- low install_script: Package has 'postinstall' script: node postinstall.js
- low command_injection: Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:sanitize, sanitizer:execFile)
- low unsafe_eval: Uses eval() with dynamic input (downgraded — mitigators detected in scope: sanitizer:execFile)
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: vitorlourenco