alpha-forge-mcp

v0.1.0a3 suspicious
4.0
Medium Risk

MCP server (stdio) exposing the AlphaForge `forge` CLI to Claude Code / Cursor / Codex

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential misuse, particularly concerning shell execution and the lack of established metadata. However, it does not present clear evidence of malicious intent.

  • Shell execution could be exploited if misused.
  • New repository with limited activity raises concerns.
Per-check LLM notes
  • Network: No network calls detected, which is low risk.
  • Shell: Shell execution might be used for legitimate purposes but requires further investigation to ensure it's not being misused.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting legitimate use without risk of secret theft.
  • Metadata: The repository is new with no activity indicators, and the maintainer has a single package on PyPI, raising suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (4.6/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. test_forge_client.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3229 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 24 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 8 commits in alforge-labs/alpha-forge-mcp
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • try: proc = subprocess.run( cmd, capture_output=True,
  • + "\n" ) proc = subprocess.run( [sys.executable, "-m", "alpha_forge_mcp"],
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 5 day(s) ago (2026-06-01T14:31:03Z)

  • Repository created very recently: 5 day(s) ago (2026-06-01T14:31:03Z)
  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AlForge Labs" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with alpha-forge-mcp 
Create a Python-based application named 'CodeCraft' that leverages the 'alpha-forge-mcp' package to provide an interactive coding environment for developers. This application should allow users to connect to an MCP server running the AlphaForge `forge` CLI, enabling them to execute code snippets, receive real-time feedback, and perform various coding tasks directly through the application interface.

Step-by-Step Instructions:
1. Install the required packages including 'alpha-forge-mcp'.
2. Set up a connection to the MCP server using the 'alpha-forge-mcp' package.
3. Implement a user-friendly command-line interface where users can input code snippets.
4. Develop functionality within the app to send these snippets to the MCP server for execution via the `forge` CLI.
5. Ensure that the results of the executed code are displayed back to the user in real-time.
6. Add error handling mechanisms to gracefully manage any issues that arise during code execution.
7. Include features such as code highlighting, auto-completion, and syntax checking to enhance user experience.
8. Integrate a history feature that logs all executed code snippets and their outcomes for future reference.
9. Optionally, implement a feature that allows users to save their work sessions or share them with others.

Suggested Features:
- Support for multiple programming languages compatible with the `forge` CLI.
- Real-time collaboration mode allowing multiple users to work on the same code snippet simultaneously.
- A library of pre-written code snippets that users can use as templates or examples.
- Integration with popular version control systems like Git for seamless project management.
- Advanced debugging tools integrated into the application to assist with troubleshooting.
- An option for users to configure their own settings, such as theme selection or shortcut customization.

The 'alpha-forge-mcp' package will be crucial in facilitating communication between your application and the MCP server, allowing for seamless execution of code snippets and retrieval of results. Your goal is to create a powerful yet intuitive tool that enhances the coding experience for developers of all skill levels.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!