ai-vault-mcp

v0.1.9 suspicious
4.0
Medium Risk

MCP server that gives AI clients direct access to your local filesystem — save, find, and organize files using natural language

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate obfuscation and has an author with incomplete metadata, raising concerns about its legitimacy and intentions.

  • moderate obfuscation risk
  • incomplete author metadata
Per-check LLM notes
  • Network: The network call pattern suggests the package may be performing legitimate HTTP requests, possibly to interact with an API or service like Vault, but further investigation is needed.
  • Shell: No shell execution patterns detected, indicating low risk of direct system command execution from the package.
  • Obfuscation: The use of base64 decoding may indicate an attempt to hide code logic, but it could also be used for legitimate purposes such as data encryption.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The package shows some red flags with an author having a missing name and a new account, but no clear malicious intent is evident from the provided metadata.

📦 Package Quality Overall: Low (4.6/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_server.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4521 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 17 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 5 commits in yashderasari/vault
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • d try: async with httpx.AsyncClient(follow_redirects=False, timeout=60) as client: #
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ) try: data = base64.b64decode(content_base64) except Exception as e: return f"
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-vault-mcp 
Create a personal file management assistant named 'FileSage' using the Python package 'ai-vault-mcp'. This application will enable users to interact with their local filesystem through natural language commands, allowing them to save, find, and organize files effortlessly. Here’s a step-by-step guide on how to develop this application:

1. **Setup**: Install the necessary packages including 'ai-vault-mcp' and any other dependencies required for the application.
2. **User Interface**: Design a simple yet effective user interface where users can input commands. This could be a command-line interface or a graphical user interface (GUI).
3. **Command Parsing**: Implement a feature that parses user inputs into commands that 'ai-vault-mcp' can understand. For example, converting 'Find all my photos from last year' into a query that searches the filesystem for images taken within the last year.
4. **Integration with ai-vault-mcp**: Use 'ai-vault-mcp' to handle the execution of these commands. Ensure that the application can securely interact with the local filesystem as directed by the parsed commands.
5. **Feedback Mechanism**: Develop a feedback system that informs users about the success or failure of their commands. If a file is found or saved, provide confirmation messages; if not, suggest possible reasons why the operation might have failed.
6. **Advanced Features**: Consider adding advanced features such as file tagging, automatic organization of files based on content type, and integration with cloud storage services for backup purposes.
7. **Security Measures**: Since the application interacts with the local filesystem, ensure robust security measures are in place to protect user data.
8. **Testing**: Rigorously test the application under various scenarios to ensure it works as expected.
9. **Documentation**: Provide comprehensive documentation for both users and developers, explaining how to install, use, and extend the application.

By following these steps, you'll create a powerful tool that simplifies file management tasks through natural language interaction.