aevum-mcp

v0.7.1 suspicious
4.0
Medium Risk

Aevum — MCP server exposing the five functions as tools.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to potential shell execution risks and incomplete metadata. It is not conclusively malicious but warrants further scrutiny.

  • Shell risk detection indicating potential for executing arbitrary commands
  • Incomplete maintainer information and potentially inactive account

Per-check LLM notes

  • Network: No network calls were detected, reducing immediate risk.
  • Shell: Detection of shell execution patterns may indicate potential for executing arbitrary commands, which could be used for malicious purposes.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent related to code obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting the package does not engage in suspicious activities related to secret or credential theft.
  • Metadata: The maintainer's author name is missing and the account seems new or inactive, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • (env_extra or {})} return subprocess.run( INTERCEPTOR_CMD, input=json.dumps(payload),
  • (env_extra or {})} return subprocess.run( INTERCEPTOR_CMD, input=raw_input, c
  • _URL", None) result = subprocess.run( INTERCEPTOR_CMD, input=json.dumps({
  • T_DB", None) result = subprocess.run( INTERCEPTOR_CMD, input=json.dumps({

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository aevum-labs/aevum appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aevum-mcp
Create a fully-functional mini-application named 'MCPTool' that leverages the 'aevum-mcp' package to provide users with a simple yet powerful interface for interacting with an MCP server. This application will serve as a tool for developers and system administrators to manage their MCP server more efficiently. Here are the steps and features you need to include:

1. **Setup**: Begin by installing the 'aevum-mcp' package using pip. Ensure your development environment is set up properly for Python.
2. **Authentication**: Implement a secure authentication mechanism to allow only authorized users to access the MCP server functionalities through the app.
3. **Main Menu**: Develop a user-friendly main menu that lists all the available commands exposed by the 'aevum-mcp' package. These commands should correspond to the five core functions of the MCP server.
4. **Command Execution**: Each command listed in the main menu should execute the corresponding function from the 'aevum-mcp' package when selected. For example, if one of the functions is to 'start a service', clicking on it should trigger the start service function provided by the package.
5. **Logging and History**: Integrate logging functionality to record all interactions with the MCP server through the application. Users should be able to review these logs to track changes made over time.
6. **Configuration Management**: Allow users to configure settings related to their MCP server directly through the application. This includes setting up initial configurations, updating existing ones, and viewing current configurations.
7. **Help and Documentation**: Include a help section within the application that provides brief descriptions of each command and how they interact with the MCP server. This documentation should also guide users on best practices for using the application effectively.
8. **Testing**: Finally, ensure thorough testing of all features to guarantee smooth operation and reliability of the application.

This project aims to streamline the management of MCP servers, making it easier for users to perform necessary tasks without needing to manually interact with the server's command-line interface.