arr-stack-mcp

v0.2.1 suspicious
4.0
Medium Risk

MCP server giving any MCP-capable agent a clean, intelligent, unified interface to Sonarr, Radarr, Lidarr, Prowlarr, and Jellyfin.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential insecurity due to unverified HTTPS requests and a new maintainer with no historical contributions, but lacks clear evidence of malicious intent or sophisticated obfuscation techniques.

  • Unverified HTTPS requests
  • New maintainer with no historical contributions
Per-check LLM notes
  • Network: Unverified HTTPS requests may indicate insecure network communication, which is a potential risk.
  • Shell: No shell execution patterns detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The presence of non-HTTPS links and a new maintainer with no history increases suspicion, but there's no clear evidence of typosquatting.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (11560 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 250 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 48 commits in new-usemame/arr-stack-mcp
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • try: with httpx.Client(timeout=3.0, verify=False) as c: headers = {
  • try: with httpx.Client(timeout=2.0) as c: r = c.get(f"http://localh
  • " try: async with httpx.AsyncClient(timeout=_PROBE_TIMEOUT_SECONDS, verify=False) as client:
  • e: self._client = httpx.Client( base_url=self._base_url, co
  • context manager for internal httpx.Client (see httpx docs)""" self.get_httpx_client().__exit__(
✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: users.noreply.github.com

⚠ Suspicious Page Links score 8.0

Found 4 suspicious link(s) on the package page

  • Non-HTTPS external link: http://host.docker.internal:8989
  • Non-HTTPS external link: http://host.docker.internal:7878
  • Non-HTTPS external link: http://host.docker.internal:8686
  • Non-HTTPS external link: http://host.docker.internal:8096
⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arr-stack-mcp
Create a Python-based media management dashboard that integrates with popular media center applications such as Sonarr, Radarr, Lidarr, Prowlarr, and Jellyfin using the 'arr-stack-mcp' package. This dashboard will serve as a unified control panel for managing and monitoring your media collection across these platforms. Your task is to develop a user-friendly web application that allows users to perform various operations such as adding new media items, updating existing ones, and viewing statistics on their collections. Here's a step-by-step guide to building this application:

1. **Setup Environment**: Begin by setting up a Python environment with Flask or Django for the backend and React or Vue.js for the frontend.
2. **Install Dependencies**: Install necessary packages including 'arr-stack-mcp', Flask/Django, SQLAlchemy for database interactions, and Axios for making API calls from the frontend.
3. **Configure MCP Server**: Use 'arr-stack-mcp' to configure an MCP server that acts as a unified interface to all your media center applications. Ensure you have the correct configurations for Sonarr, Radarr, Lidarr, Prowlarr, and Jellyfin.
4. **Develop Backend Endpoints**: Create RESTful APIs using Flask/Django that interact with the MCP server through 'arr-stack-mcp'. These endpoints should allow functionalities like fetching collection data, adding new media, deleting old media, and updating metadata.
5. **Design Frontend Interface**: Design an intuitive user interface using React/Vue.js that connects to the backend endpoints. The UI should display media collections, provide forms for adding/editing media items, and show analytics/statistics about the collections.
6. **Implement Authentication**: Integrate OAuth2 or JWT for secure user authentication. Users should be able to log in and manage their personal media collections.
7. **Testing & Deployment**: Thoroughly test your application for functionality, performance, and security before deploying it to a production environment.

**Suggested Features**:
- User-specific media collections management
- Real-time updates on media status (e.g., downloading, processing)
- Detailed analytics on media usage (most watched, least watched, etc.)
- Integration with third-party services for automatic media updates
- Customizable alerts for media events (new download, missing media, etc.)

Utilize 'arr-stack-mcp' to streamline interactions between your application and the media center applications, ensuring a seamless and efficient user experience.
