AGENTSCORE-2026-0058
MCP package: vidlens-mcp
Published 5/28/2026 · 1.2.9 → 1.3.0
vidlens-mcp updated from 1.2.9 to 1.3.0. Score changed 75/100 to 55/100 (-20). Risk: MODERATE to ELEVATED. 3 findings.
75 → 55
Score
MODERATE → ELEVATED
Risk
WARN
Verdict
Findings
- high install_script: Package has 'postinstall' script: node -e "console.log('\nVidLens MCP installed. From a checkout run: npm run setup. For the global command run: npm install -g .\n')"
- high command_injection: Potential command injection: shell execution with template literal input
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: thatsrajan