AgentScore is for sale. View the assets and acquisition details →
low

AGENTSCORE-2026-0072

MCP package: @firfi/huly-mcp

Published 6/30/2026 · 0.44.00.44.3

@firfi/huly-mcp updated from 0.44.0 to 0.44.3. Score changed 90/100 to 80/100 (-10). Risk: LOW to MODERATE. 3 findings.

9080
Score
LOWMODERATE
Risk
ALLOW
Verdict

Findings

  • medium excessive_dependencies: Package has 21 runtime dependencies (high attack surface)
  • low command_injection: Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:.exec(` PRAGMA, sanitizer:db.exec()
  • low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: firfi