algovoi-mcp

v1.7.0 suspicious
4.0
Medium Risk

MCP server for AlgoVoi — create crypto payment links, verify payments, probe MPP endpoints (including MPP subscription lifecycle), screen recipients, compliance trust queries, and generate MPP / x402 challenges from any MCP client. Supports 29 tools across all 8 AlgoVoi chains: Algorand, VOI, Hedera, Stellar, Base, Solana, Tempo, and ARC testnet. Selectable response model via ALGOVOI_MODE: 'substrate' (AlgoVoi signed receipts) or 'standard' (bare x402/MPP/AP2).

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential obfuscation and there's uncertainty regarding the legitimacy of its source due to missing git repository and limited maintainer activity.

  • Potential obfuscation via base64 decoding and JSON loading
  • Missing git repository and single package by maintainer
Per-check LLM notes
  • Obfuscation: The usage of base64 decoding and JSON loading suggests potential obfuscation or encryption of data, but it could also be part of normal functionality for handling encoded strings.
  • Credentials: No clear patterns indicating credential harvesting were found, but further investigation into the context of how these functions are used would be necessary.
  • Metadata: The package has no typosquatting or email domain flags, but the git repository is not found and the maintainer has only one package on PyPI, which raises some suspicion.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_tools.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3265 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 68 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • try: decoded = base64.b64decode(proof + "==").decode("utf-8") data = json.loads
  • decoded = json.loads(base64.b64decode(padded).decode("utf-8")) result["challenge"] =
  • decoded = json.loads(base64.b64decode(out["headers"]["X-Payment-Required"])) assert decode
  • mandate = json.loads(base64.b64decode(out["mandate_b64"])) assert mandate["payee"]["addres
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AlgoVoi" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with algovoi-mcp 
Create a Python-based mini-application that leverages the 'algovoi-mcp' package to manage cryptocurrency payments and subscriptions across multiple blockchain networks. This application will serve as a user-friendly interface for generating payment links, verifying payments, probing Multi-Purpose Payment (MPP) endpoints, and handling the lifecycle of MPP subscriptions. Additionally, it will provide functionality for screening recipients and performing compliance trust queries.

### Application Features:
- **Generate Payment Links:** Users can input recipient addresses and desired amounts to generate secure payment links for various cryptocurrencies supported by AlgoVoi (Algorand, VOI, Hedera, Stellar, Base, Solana, Tempo, and ARC testnet).
- **Payment Verification:** Once a payment is made, users can submit a transaction ID to verify if the payment has been successfully received.
- **MPP Endpoint Probing:** The application will allow users to check the status of MPP endpoints and ensure they are operational before initiating transactions.
- **Subscription Management:** For recurring payments, the app should support creating, managing, and canceling MPP subscriptions.
- **Recipient Screening:** Users can screen potential recipients for any compliance issues before sending funds.
- **Compliance Trust Queries:** The app should enable users to perform trust queries to ensure compliance with regulatory requirements.
- **Response Model Selection:** Users should have the option to select between 'substrate' (AlgoVoi signed receipts) and 'standard' (bare x402/MPP/AP2) models for responses.

### Steps to Build the Application:
1. **Setup Environment:** Install necessary Python packages including 'algovoi-mcp'.
2. **User Interface Design:** Develop a simple command-line interface (CLI) or a basic web interface using Flask for user interaction.
3. **Integration with 'algovoi-mcp':** Use the 'algovoi-mcp' package to handle backend operations such as generating payment links, verifying payments, and managing MPP endpoints.
4. **Implement Core Features:** Implement each of the outlined features using functions provided by 'algovoi-mcp'. Ensure that the application supports all 29 tools across the 8 supported blockchain networks.
5. **Testing:** Thoroughly test the application with different scenarios to ensure reliability and security.
6. **Documentation:** Write comprehensive documentation detailing how to use the application and integrate it into existing workflows.
7. **Deployment:** Deploy the application on a server or cloud platform for public access.

This project aims to showcase the versatility and power of 'algovoi-mcp' while providing a practical tool for managing cryptocurrency transactions and subscriptions.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!