allstar-mcp

v0.1.2 suspicious
6.0
Medium Risk

MCP server for AllStar Link — wraps ASL3-API REST endpoints as MCP tools for AI agent control of amateur radio nodes

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is deemed suspicious due to its metadata risks, including suspicious links and low repository activity from a new author. While there are no immediate signs of malicious activity within the code, the potential for unauthorized network interactions poses a moderate risk.

  • High metadata risk
  • Potential for unauthorized network activities
Per-check LLM notes
  • Network: The network call patterns indicate the package makes HTTP requests to external services, which could be legitimate for API calls but may also pose risks if not properly secured or if used for unauthorized activities.
  • Shell: No shell execution patterns were detected, suggesting low risk for direct system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows several red flags including suspicious links, low repository activity, and a newly registered author with no history.

📦 Package Quality Overall: Medium (5.0/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_server.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3719 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 18 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 5 commits in KJ5IRQ/asl3-mcp
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • () if v is not None} with httpx.Client() as client: r = client.get( f"{_base_ur
  • (path: str) -> dict: with httpx.Client() as client: r = client.get(f"{_base_url()}{path}",
  • one = None) -> dict: with httpx.Client() as client: r = client.post( f"{_base_u
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://your-node:8073
  • Non-HTTPS external link: http://your-node-ip:8073
Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • All 5 commits happened within 24 hours
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with allstar-mcp 
Create a Python-based utility named 'RadioNodeController' that leverages the 'allstar-mcp' package to provide an intuitive interface for amateur radio enthusiasts to manage their AllStar Link nodes via a command-line interface (CLI). This utility will enable users to perform various operations such as node status checks, configuration updates, and connection management directly from their terminal.

Key Features:
1. **Node Status**: Users should be able to query the current status of any AllStar node they manage, including details like whether it’s online, connected callsigns, and uptime.
2. **Configuration Management**: Provide commands to modify node configurations such as call sign, description, and other relevant settings.
3. **Connection Control**: Implement functionality to start, stop, and monitor connections between nodes.
4. **Logging**: Integrate logging capabilities to record actions performed on nodes for auditing purposes.
5. **Help Documentation**: Ensure comprehensive help documentation is available through the CLI to guide users on how to use each command effectively.

Utilization of 'allstar-mcp':
The 'allstar-mcp' package will act as the backbone for interfacing with the AllStar Link API. It will handle the translation of CLI commands into appropriate REST API requests and process the responses back into user-friendly outputs. For example, when a user runs a command to check the status of a node, 'allstar-mcp' will send the necessary request to the AllStar Link API and return the node’s status in a readable format.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!