high

AGENTSCORE-2026-0046

Name: AgentScore MCP Package Security Scan Dataset
Creator: AgentScore

MCP package: mneme-ai

Published 5/19/2026 · 2.12.0 → 2.19.75

mneme-ai updated from 2.12.0 to 2.19.75. Score changed 90/100 to 50/100 (-40). Risk: LOW to ELEVATED. 4 findings.

90 → 50

Score

LOW → ELEVATED

Risk

WARN

Verdict

Findings

low install_script: Package has 'postinstall' script: node bin/postinstall-mneme-lite.cjs
high install_script: Package has 'preinstall' script: node -e "try{const fs=require('node:fs');const path=require('node:path');const os=require('node:os');const{spawnSync}=require('node:child_process');const crypto=require('node:crypto');const w=process.
high command_injection: Potential command injection: shell execution with template literal input
low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: mneme_npm