AGENTSCORE-2026-0071
MCP package: slashvibe-mcp
Published 6/27/2026 · 0.4.10 → 0.5.0
slashvibe-mcp was updated from 0.4.10 to 0.5.0. Score changed from 90/100 to 65/100 (-25). Risk changed from LOW to ELEVATED. 3 findings.
Score: 90 → 65
Risk: LOW → ELEVATED
Verdict: WARN
Findings
- medium hardcoded_secret: Hardcoded secret found (AWS key, OpenAI key, GitHub token, or npm token) (downgraded — mitigators detected in scope: test_fixture:// TEST, test_fixture:abcdef)
- high command_injection: Potential command injection: shell execution with template literal input
- low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: brightseth