История аудитов - fetching-library-docs

Версия аудита 5

Последняя Безопасно

Jan 16, 2026, 06:26 PM

All 236 static findings are false positives. The scanner misinterpreted documentation code examples as executing code, hash symbols as cryptographic algorithms, and legitimate MCP infrastructure code as dangerous patterns. The skill is a benign documentation fetcher that uses hardcoded commands to communicate with known MCP servers.

12

Просканировано файлов

1,722

Проанализировано строк

1

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

⚡ Содержит скрипты (3)

scripts/fetch-docs.sh:1-207 scripts/fetch-raw.sh:1-38 scripts/mcp-client.py:1-490

Версия аудита 4

Безопасно

Jan 16, 2026, 06:26 PM

All 236 static findings are false positives. The scanner misinterpreted documentation code examples as executing code, hash symbols as cryptographic algorithms, and legitimate MCP infrastructure code as dangerous patterns. The skill is a benign documentation fetcher that uses hardcoded commands to communicate with known MCP servers.

12

Просканировано файлов

1,722

Проанализировано строк

1

находки

claude

Проверено

Проблем безопасности не найдено

Факторы риска

⚡ Содержит скрипты (3)

scripts/fetch-docs.sh:1-207 scripts/fetch-raw.sh:1-38 scripts/mcp-client.py:1-490

Версия аудита 3

Низкий риск

Jan 10, 2026, 10:37 AM

Legitimate documentation fetcher using Context7 MCP. Contains shell scripts and subprocess execution for MCP server communication. Minor concerns around library name handling in shell commands but purpose matches behavior. No credential or sensitive data access attempts.

11

Просканировано файлов

1,363

Проанализировано строк

6

находки

claude

Проверено

Проблемы среднего риска (1)

scripts/fetch-docs.sh:93-96

Shell injection via library name parameter

Library name is passed to subprocess without full sanitization in fetch-docs.sh line 93-96. The command constructs a JSON payload with the library name embedded in a shell-executed string. While basic escaping is present, a specially crafted library name could potentially inject shell commands. The vulnerable pattern: python3 "$SCRIPT_DIR/mcp-client.py" call -s "npx -y @upstash/context7-mcp" -t resolve-library-id -p "{\"libraryName\": \"$LIBRARY_NAME\"}"

Проблемы низкого риска (2)

scripts/mcp-client.py:204-212

Subprocess with shell=True for stdio transport

mcp-client.py uses subprocess.Popen with shell=True for stdio transport at line 204. This is standard for MCP servers but creates an attack surface. The shell=True flag allows command injection if input is not properly sanitized. Code: self._process = subprocess.Popen(self.command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, bufsize=1)

scripts/start-server.sh:6-16

PID file creation in /tmp directory

start-server.sh creates PID files in /tmp with predictable names at line 6 and 16. While not a critical vulnerability, PID files in /tmp with world-writable permissions could potentially be exploited in certain scenarios. Pattern: PID_FILE="/tmp/context7-mcp-${PORT}.pid"

Факторы риска

⚡ Содержит скрипты (5)

scripts/fetch-docs.sh:1-207 scripts/mcp-client.py:1-490 scripts/extract-code-blocks.sh:1-56 scripts/extract-signatures.sh:1-42 scripts/extract-notes.sh:1-12

⚙️ Внешние команды (3)

scripts/start-server.sh:15 scripts/fetch-raw.sh:35 scripts/mcp-client.py:204-212

🌐 Доступ к сети (2)

scripts/mcp-client.py:146-182 scripts/fetch-raw.sh:1-38

Версия аудита 2

Низкий риск

Jan 10, 2026, 10:37 AM

Legitimate documentation fetcher using Context7 MCP. Contains shell scripts and subprocess execution for MCP server communication. Minor concerns around library name handling in shell commands but purpose matches behavior. No credential or sensitive data access attempts.

11

Просканировано файлов

1,363

Проанализировано строк

6

находки

claude

Проверено

Проблемы среднего риска (1)

scripts/fetch-docs.sh:93-96

Shell injection via library name parameter

Library name is passed to subprocess without full sanitization in fetch-docs.sh line 93-96. The command constructs a JSON payload with the library name embedded in a shell-executed string. While basic escaping is present, a specially crafted library name could potentially inject shell commands. The vulnerable pattern: python3 "$SCRIPT_DIR/mcp-client.py" call -s "npx -y @upstash/context7-mcp" -t resolve-library-id -p "{\"libraryName\": \"$LIBRARY_NAME\"}"

Проблемы низкого риска (2)

scripts/mcp-client.py:204-212

Subprocess with shell=True for stdio transport

mcp-client.py uses subprocess.Popen with shell=True for stdio transport at line 204. This is standard for MCP servers but creates an attack surface. The shell=True flag allows command injection if input is not properly sanitized. Code: self._process = subprocess.Popen(self.command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, bufsize=1)

scripts/start-server.sh:6-16

PID file creation in /tmp directory

start-server.sh creates PID files in /tmp with predictable names at line 6 and 16. While not a critical vulnerability, PID files in /tmp with world-writable permissions could potentially be exploited in certain scenarios. Pattern: PID_FILE="/tmp/context7-mcp-${PORT}.pid"

Факторы риска

⚡ Содержит скрипты (5)

scripts/fetch-docs.sh:1-207 scripts/mcp-client.py:1-490 scripts/extract-code-blocks.sh:1-56 scripts/extract-signatures.sh:1-42 scripts/extract-notes.sh:1-12

⚙️ Внешние команды (3)

scripts/start-server.sh:15 scripts/fetch-raw.sh:35 scripts/mcp-client.py:204-212

🌐 Доступ к сети (2)

scripts/mcp-client.py:146-182 scripts/fetch-raw.sh:1-38

Версия аудита 1

Низкий риск

Jan 10, 2026, 10:37 AM

Legitimate documentation fetcher using Context7 MCP. Contains shell scripts and subprocess execution for MCP server communication. Minor concerns around library name handling in shell commands but purpose matches behavior. No credential or sensitive data access attempts.

11

Просканировано файлов

1,363

Проанализировано строк

6

находки

claude

Проверено

Проблемы среднего риска (1)

scripts/fetch-docs.sh:93-96

Shell injection via library name parameter

Library name is passed to subprocess without full sanitization in fetch-docs.sh line 93-96. The command constructs a JSON payload with the library name embedded in a shell-executed string. While basic escaping is present, a specially crafted library name could potentially inject shell commands. The vulnerable pattern: python3 "$SCRIPT_DIR/mcp-client.py" call -s "npx -y @upstash/context7-mcp" -t resolve-library-id -p "{\"libraryName\": \"$LIBRARY_NAME\"}"

Проблемы низкого риска (2)

scripts/mcp-client.py:204-212

Subprocess with shell=True for stdio transport

mcp-client.py uses subprocess.Popen with shell=True for stdio transport at line 204. This is standard for MCP servers but creates an attack surface. The shell=True flag allows command injection if input is not properly sanitized. Code: self._process = subprocess.Popen(self.command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, bufsize=1)

scripts/start-server.sh:6-16

PID file creation in /tmp directory

start-server.sh creates PID files in /tmp with predictable names at line 6 and 16. While not a critical vulnerability, PID files in /tmp with world-writable permissions could potentially be exploited in certain scenarios. Pattern: PID_FILE="/tmp/context7-mcp-${PORT}.pid"

Факторы риска

⚡ Содержит скрипты (5)

scripts/fetch-docs.sh:1-207 scripts/mcp-client.py:1-490 scripts/extract-code-blocks.sh:1-56 scripts/extract-signatures.sh:1-42 scripts/extract-notes.sh:1-12

⚙️ Внешние команды (3)

scripts/start-server.sh:15 scripts/fetch-raw.sh:35 scripts/mcp-client.py:204-212

🌐 Доступ к сети (2)

scripts/mcp-client.py:146-182 scripts/fetch-raw.sh:1-38