authsome-mcp-proxy

v0.4.0 suspicious
4.0
Medium Risk

A Model Context Protocol (MCP) proxy that adds an OAuth/OIDC frontend to upstream MCPs that don't include any such β€” either because they only validate tokens or expect static credentials such as API keys. Bridges to a configurable IdP (Keycloak, AWS Cognito, Google, Azure, generic OIDC) for Claude Desktop, Claude Code, Cursor, Codex, Claude.ai.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package has moderate network interaction risks and significant metadata concerns, but lacks evidence of malicious intent.

  • moderate network interaction risk
  • low maintainer activity and poor metadata quality
Per-check LLM notes
  • Network: The observed network calls appear to be related to authentication and potentially proxy interactions, which could be legitimate depending on the package's functionality.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret theft.
  • Metadata: The package shows several red flags indicating low maintainer activity and metadata quality, which could suggest potential risk.

πŸ“¦ Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present β€” 8 test file(s) found

  • Test runner config found: pyproject.toml
  • 8 test file(s) detected (e.g. __init__.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (29156 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 24 type-annotated function signatures detected in source
β—‹ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked β€” contributor count unavailable

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • tokens async with httpx.AsyncClient() as client: response = await client.post(
  • ata() async with httpx.AsyncClient() as client: response = await client.post(
  • elf.scope async with httpx.AsyncClient() as client: response = await client.post(self.t
βœ“ Code Obfuscation

No obfuscation patterns detected

βœ“ Shell / Subprocess Execution

No shell execution patterns detected

βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: gmail.com>

βœ“ Suspicious Page Links

All external links appear legitimate

βœ“ Git Repository History

No GitHub repository linked

  • No GitHub repository link found
⚠ Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released β€” brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with authsome-mcp-proxy 
Create a fully functional mini-application that integrates the 'authsome-mcp-proxy' Python package to secure access to a simple REST API. This application will serve as a bridge between users and a third-party API, adding an OAuth/OIDC authentication layer to ensure secure interactions. Here’s a detailed breakdown of the project steps and features:

1. **Setup**: Begin by setting up your development environment. Ensure you have Python installed along with pip. Install the 'authsome-mcp-proxy' package using pip.

2. **Configuration**: Configure the 'authsome-mcp-proxy' to connect to a chosen Identity Provider (IdP). For this example, use Keycloak as the IdP. Set up a client in Keycloak and obtain necessary credentials (client ID, secret, etc.).

3. **Proxy Implementation**: Utilize the 'authsome-mcp-proxy' to create a proxy server that intercepts requests to a third-party API. This proxy will handle OAuth/OIDC authentication before forwarding requests to the actual API endpoint.

4. **REST API Integration**: Develop a simple REST API that interacts with the proxy. This API should accept user requests, forward them through the proxy, and return responses back to the user.

5. **User Authentication**: Implement a user interface where users can log in using their credentials from the configured IdP (Keycloak). Use the 'authsome-mcp-proxy' to authenticate these credentials against the IdP.

6. **Secure Data Exchange**: Ensure all data exchanged between the user interface, the proxy, and the third-party API is encrypted. Use HTTPS and appropriate headers to maintain security.

7. **Testing**: Test the application thoroughly to ensure that it correctly handles various scenarios, including successful authentication, failed authentication attempts, and API response handling.

8. **Documentation**: Write clear documentation explaining how to set up and run the application, including configuration details and usage instructions.

Suggested Features:
- User-friendly login/logout process
- Detailed error messages for debugging purposes
- Logging of important events for monitoring and troubleshooting
- Scalability options for handling multiple users and API requests

This project not only demonstrates the power of 'authsome-mcp-proxy' in securing API access but also provides a practical example of integrating OAuth/OIDC in real-world applications.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!