arbling-brain-reader

v0.1.1 suspicious
5.0
Medium Risk

Read-only MCP server that exposes any Arbling-schema markdown vault to Claude Code and other MCP clients

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is suspicious due to high credential risk and incomplete metadata, suggesting potential unreliability or malicious intent.

  • High credential risk through potential access to system files.
  • Incomplete author details and non-HTTPS link.

Per-check LLM notes
  • Network: No network calls were detected, indicating no direct communication outside the system.
  • Shell: The shell execution patterns detected are primarily related to Git operations which may be part of version control but could indicate unusual behavior if not expected in a standard library.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: Potential credential harvesting through access to system files like '/etc/passwd'.
  • Metadata: The package has a non-HTTPS link and the author details are incomplete, indicating potential unreliability.

📦 Package Quality Overall: Low (4.6/10)

✦ High Test Suite 9.0

Test suite present — 3 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 3 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (6292 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 55 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 5 commits in yev-arbling/arbling-brain-mcp
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • wn" try: result = subprocess.run( ["git", "log", "-1", "--format=%H%x1f%ci%x1f%s"
  • """ try: result = subprocess.run( [ "rg", "--json
  • unknown" try: r = subprocess.run( ["git", "rev-parse", "HEAD"], cwd=b
  • ss try: result = subprocess.run( ["git", "pull", "--ff-only"], cwd=b
  • old_sha try: r2 = subprocess.run( ["git", "rev-parse", "HEAD"], cwd=b
  • try: diff = subprocess.run( ["git", "diff", "--name-only", old_sha, new

Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • : _safe_resolve("../../etc/passwd", fake_brain) def test_safe_resolve_absolute(fake_brain:
  • ute"): _safe_resolve("/etc/passwd", fake_brain) # -----------------------------------------
  • read_brain_page("../../../etc/passwd", fake_brain) # -----------------------------------------
  • srv.read_brain_page("../../../etc/passwd") def test_server_search_brain_tool(fake_brain: Path):

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://www.apple.com/DTDs/PropertyList-1.0.dtd

Git Repository History

Repository yev-arbling/arbling-brain-mcp appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arbling-brain-reader
Create a Python-based utility named 'BrainBrowser' that leverages the 'arbling-brain-reader' package to provide a user-friendly interface for exploring and querying a read-only vault of Arbling-schema markdown files. This utility should allow users to:

1. Connect to a specified MCP server hosting an Arbling-markdown vault.
2. Browse through different categories or tags within the vault.
3. Search for specific keywords or phrases across all documents.
4. Retrieve and display individual documents in a readable format.
5. Optionally, highlight certain sections of the document based on user-defined criteria.
6. Save a copy of any retrieved document locally.

The 'arbling-brain-reader' package will be utilized to establish a connection to the MCP server, retrieve document data, and perform searches within the vault. Your task is to outline the steps required to develop 'BrainBrowser', including setting up the necessary environment, integrating 'arbling-brain-reader', and implementing each feature mentioned above.
