AGENTSCORE-2026-0048
MCP package: @mcp-guardian/server
Published 5/20/2026 · 2.4.1 → 2.9.0
@mcp-guardian/server updated from 2.4.1 to 2.9.0. Score changed from 85/100 to 55/100 (-30). Risk: LOW to ELEVATED. 5 findings.
Score: 85 → 55
Risk: LOW → ELEVATED
Verdict: WARN
Findings
- low install_script: Package has 'postinstall' script: node scripts/postinstall-windows.cjs
- medium excessive_dependencies: Package has 27 runtime dependencies (high attack surface)
- high command_injection: Potential command injection: shell execution with template literal input
- low unsafe_eval: Uses eval() with dynamic input (downgraded — mitigators detected in scope: test_fixture:.test.ts, documentation_context:```bash )
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: rudraneel93