AGENTSCORE-2026-0029
MCP package: cursor-memory
Published 5/8/2026 · 1.0.3 → 1.0.4
cursor-memory updated from 1.0.3 to 1.0.4. Score changed 85/100 to 80/100 (-5). Risk: LOW to MODERATE. 4 findings.
85 → 80
Score
LOW → MODERATE
Risk
ALLOW
Verdict
Findings
- low install_script: Package has 'postinstall' script: node scripts/postinstall.cjs
- low install_script: Package has 'preinstall' script: node scripts/preinstall.cjs
- low command_injection: Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:.exec("CREATE, sanitizer:db.exec()
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: tranhuucanh39