📦
История аудитов
nextjs-devtools - 4 аудиты
Версия аудита 4
Последняя Низкий рискJan 21, 2026, 04:18 PM
Legitimate Next.js development tooling. Static analyzer flagged Python f-strings as cryptographic patterns and subprocess.Popen as dangerous. These are false positives. The skill spawns a trusted MCP server package for Next.js inspection utilities.
4
Просканировано файлов
1,412
Проанализировано строк
5
находки
claude
Проверено
Проблемы низкого риска (2)
External command execution
The skill spawns the Next.js devtools MCP server process using subprocess.Popen and npx. This is legitimate behavior for an MCP client skill, spawning trusted npm package 'next-devtools-mcp@latest'. Arguments come from skill configuration, not user input.
HTTP network access
The MCP client uses urllib for HTTP transport to communicate with MCP servers. This is standard MCP protocol behavior and expected for skills that use HTTP transport.
Факторы риска
⚙️ Внешние команды (2)
🌐 Доступ к сети (2)
📁 Доступ к файловой системе (1)
Версия аудита 3
Средний рискJan 16, 2026, 12:50 PM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
4
Просканировано файлов
859
Проанализировано строк
3
находки
claude
Проверено
Проблем безопасности не найдено
Факторы риска
⚙️ Внешние команды (30)
scripts/mcp-client.py:191 scripts/mcp-client.py:204 scripts/mcp-client.py:348 scripts/mcp-client.py:371 scripts/mcp-client.py:371 scripts/mcp-client.py:377-379 scripts/start-server.sh:1 skill-report.json:82 skill-report.json:82 skill-report.json:82 skill-report.json:82-95 SKILL.md:15-23 SKILL.md:23-29 SKILL.md:29-30 SKILL.md:30-31 SKILL.md:31-32 SKILL.md:32-33 SKILL.md:33-39 SKILL.md:39-50 SKILL.md:50-54 SKILL.md:54-64 SKILL.md:64-68 SKILL.md:68-72 SKILL.md:72-80 SKILL.md:80-84 SKILL.md:84-88 SKILL.md:88-90 SKILL.md:90-94 SKILL.md:94-100 SKILL.md:100-102
🌐 Доступ к сети (13)
scripts/mcp-client.py:146 scripts/mcp-client.py:271 scripts/mcp-client.py:314 scripts/mcp-client.py:323 scripts/mcp-client.py:328 scripts/mcp-client.py:333 scripts/mcp-client.py:33 scripts/mcp-client.py:10 scripts/mcp-client.py:16 scripts/mcp-client.py:20 scripts/mcp-client.py:23 scripts/start-server.sh:10 skill-report.json:6
📁 Доступ к файловой системе (1)
Обнаруженные паттерны
Python subprocess.PopenRuby/shell backtick executionHTTP client libraryPython HTTP librariesHardcoded URLWeak cryptographic algorithmSystem reconnaissanceUnix shell invocationHidden file access
Версия аудита 2
Средний рискJan 16, 2026, 12:50 PM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
4
Просканировано файлов
859
Проанализировано строк
3
находки
claude
Проверено
Проблем безопасности не найдено
Факторы риска
⚙️ Внешние команды (30)
scripts/mcp-client.py:191 scripts/mcp-client.py:204 scripts/mcp-client.py:348 scripts/mcp-client.py:371 scripts/mcp-client.py:371 scripts/mcp-client.py:377-379 scripts/start-server.sh:1 skill-report.json:82 skill-report.json:82 skill-report.json:82 skill-report.json:82-95 SKILL.md:15-23 SKILL.md:23-29 SKILL.md:29-30 SKILL.md:30-31 SKILL.md:31-32 SKILL.md:32-33 SKILL.md:33-39 SKILL.md:39-50 SKILL.md:50-54 SKILL.md:54-64 SKILL.md:64-68 SKILL.md:68-72 SKILL.md:72-80 SKILL.md:80-84 SKILL.md:84-88 SKILL.md:88-90 SKILL.md:90-94 SKILL.md:94-100 SKILL.md:100-102
🌐 Доступ к сети (13)
scripts/mcp-client.py:146 scripts/mcp-client.py:271 scripts/mcp-client.py:314 scripts/mcp-client.py:323 scripts/mcp-client.py:328 scripts/mcp-client.py:333 scripts/mcp-client.py:33 scripts/mcp-client.py:10 scripts/mcp-client.py:16 scripts/mcp-client.py:20 scripts/mcp-client.py:23 scripts/start-server.sh:10 skill-report.json:6
📁 Доступ к файловой системе (1)
Обнаруженные паттерны
Python subprocess.PopenRuby/shell backtick executionHTTP client libraryPython HTTP librariesHardcoded URLWeak cryptographic algorithmSystem reconnaissanceUnix shell invocationHidden file access
Версия аудита 1
Средний рискJan 10, 2026, 09:36 AM
This skill provides Next.js development tooling through an MCP client that connects to the next-devtools-mcp server. It includes a generic MCP client script capable of executing user-provided commands via subprocess and shell, which is necessary for MCP functionality but introduces execution risk. All capabilities align with the stated purpose of Next.js development tooling.
3
Просканировано файлов
605
Проанализировано строк
5
находки
claude
Проверено
Проблемы среднего риска (1)
Subprocess shell execution with user-provided commands
The StdioTransport class in mcp-client.py uses subprocess.Popen with shell=True to execute commands (line 204-212). The command is passed via the --stdio/-s CLI argument. While this is necessary for MCP stdio transport functionality, shell=True can enable command injection if input is not properly validated. An attacker who controls the command argument could execute arbitrary shell commands.
Relevant code:
```python
self._process = subprocess.Popen(
self.command,
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True,
bufsize=1
)
```
Проблемы низкого риска (1)
Downloads and executes npm package at runtime
The start-server.sh script executes `npx next-devtools-mcp@latest` which downloads and runs an external npm package. While this is expected behavior for MCP tooling, it involves dynamic code execution from npm registry without integrity verification. Users should only install trusted packages.