
Audit history

nextjs-devtools - 4 audits

Audit version 4

Latest, low risk

Jan 21, 2026, 04:18 PM

Legitimate Next.js development tooling. Static analyzer flagged Python f-strings as cryptographic patterns and subprocess.Popen as dangerous. These are false positives. The skill spawns a trusted MCP server package for Next.js inspection utilities.

Files analyzed: 4
Lines analyzed: 1,412
Findings: 5
Audited by: claude

Low-risk issues (2)
External command execution
The skill spawns the Next.js devtools MCP server process using subprocess.Popen and npx. This is legitimate behavior for an MCP client skill, spawning trusted npm package 'next-devtools-mcp@latest'. Arguments come from skill configuration, not user input.
HTTP network access
The MCP client uses urllib for HTTP transport to communicate with MCP servers. This is standard MCP protocol behavior and expected for skills that use HTTP transport.

Risk factors

Audit version 3

Medium risk

Jan 16, 2026, 12:50 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files analyzed: 4
Lines analyzed: 859
Findings: 3
Audited by: claude

No security issues found

Detected patterns

- Python subprocess.Popen
- Ruby/shell backtick execution
- HTTP client library
- Python HTTP libraries
- Hardcoded URL
- Weak cryptographic algorithm
- System reconnaissance
- Unix shell invocation
- Hidden file access

Audit version 2

Medium risk

Jan 16, 2026, 12:50 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files analyzed: 4
Lines analyzed: 859
Findings: 3
Audited by: claude

No security issues found

Detected patterns

- Python subprocess.Popen
- Ruby/shell backtick execution
- HTTP client library
- Python HTTP libraries
- Hardcoded URL
- Weak cryptographic algorithm
- System reconnaissance
- Unix shell invocation
- Hidden file access

Audit version 1

Medium risk

Jan 10, 2026, 09:36 AM

This skill provides Next.js development tooling through an MCP client that connects to the next-devtools-mcp server. It includes a generic MCP client script capable of executing user-provided commands via subprocess and shell, which is necessary for MCP functionality but introduces execution risk. All capabilities align with the stated purpose of Next.js development tooling.

Files analyzed: 3
Lines analyzed: 605
Findings: 5
Audited by: claude

Medium-risk issues (1)
Subprocess shell execution with user-provided commands
The StdioTransport class in mcp-client.py uses subprocess.Popen with shell=True to execute commands (line 204-212). The command is passed via the --stdio/-s CLI argument. While this is necessary for MCP stdio transport functionality, shell=True can enable command injection if input is not properly validated. An attacker who controls the command argument could execute arbitrary shell commands. Relevant code:

```python
self._process = subprocess.Popen(
    self.command,
    shell=True,
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
    stderr=subprocess.PIPE,
    text=True,
    bufsize=1,
)
```

Low-risk issues (1)
Downloads and executes npm package at runtime
The start-server.sh script executes `npx next-devtools-mcp@latest` which downloads and runs an external npm package. While this is expected behavior for MCP tooling, it involves dynamic code execution from npm registry without integrity verification. Users should only install trusted packages.

Risk factors

⚡ Contains scripts (1)
⚙️ External commands (1)
🌐 Network access (1)