high

AGENTSCORE-2026-0068

Name: AgentScore MCP Package Security Scan Dataset
Creator: AgentScore

Published 6/22/2026 · 0.3.2 → 0.3.4

@unerr-ai/unerr updated from 0.3.2 to 0.3.4. Score changed 65/100 to 60/100 (-5). Risk: ELEVATED to ELEVATED. 4 findings.

65 → 60

Score

ELEVATED → ELEVATED

Risk

WARN

Verdict

Findings

low install_script: Package has 'postinstall' script: test -d vendor/contracts/src && NODE_AUTH_TOKEN=${NODE_AUTH_TOKEN:-} pnpm -C vendor/contracts install --ignore-workspace --prefer-offline && NODE_AUTH_TOKEN=${NODE_AUTH_TOKEN:-} pnpm -C vendor/contrac
medium excessive_dependencies: Package has 40 runtime dependencies (high attack surface)
high command_injection: Potential command injection: shell execution with template literal input
low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: jaswanth-unerr