axiom-axle-mcp

v0.3.5 suspicious
6.0
Medium Risk

MCP server for Axiom Lean Engine (AXLE) — exposes Lean verification tools to Claude Code and other MCP clients

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate risks due to network interactions and low maintainer activity, raising concerns about its legitimacy and potential for abuse.

  • Network risk due to HTTP requests
  • Low maintainer activity and poor metadata quality

Per-check LLM notes
  • Network: The package makes HTTP requests to external URLs, which could be legitimate API calls but may also indicate data exfiltration or C2 activities.
  • Shell: No shell execution patterns were detected in the provided information.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, but there's no clear evidence of malicious intent.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 6 test file(s) found

  • Test runner config found: pyproject.toml
  • 6 test file(s) detected (e.g. test_build_input_schema.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1798 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 38 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • XLE_API_URL}{path}" req = urllib.request.Request(url, headers=_headers()) with urllib.request.url
  • headers=_headers()) with urllib.request.urlopen(req) as resp: if resp.status != 200:
  • lication/json"} req = urllib.request.Request(url, data=data, headers=headers, method="POST")
  • , method="POST") with urllib.request.urlopen(req) as resp: body = resp.read().decode(
  • try: with urllib.request.urlopen(req) as resp: body = resp.read().dec

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axiom-axle-mcp
Create a mini-application that serves as a lightweight interface for developers to interact with the Axiom Lean Engine (AXLE) using the 'axiom-axle-mcp' package. This application will act as an MCP server, allowing users to perform Lean verification tasks directly from their command line or through a simple web interface. The application should have the following features:

1. **Command Line Interface (CLI)**: Implement basic commands such as 'verify', 'check', and 'analyze' which utilize the AXLE engine via the MCP server provided by 'axiom-axle-mcp'. Users should be able to input code snippets or file paths to verify the correctness of their formal logic or mathematical proofs.
2. **Web Interface**: Develop a minimalistic web frontend where users can paste their Lean code, select the verification task (verify, check, analyze), and receive results in real-time. This should include a status indicator showing when a request is being processed and when it has completed.
3. **Error Handling**: Ensure robust error handling both in the CLI and web interface. Display meaningful error messages if the input is incorrect or if there's an issue with the AXLE engine.
4. **Configuration Settings**: Allow users to configure settings such as logging level, verbosity of output, and connection timeout to the AXLE engine.
5. **Documentation**: Provide comprehensive documentation on how to install and use the application, including examples of valid inputs and expected outputs.

To achieve these features, you will need to integrate the 'axiom-axle-mcp' package into your application. This involves setting up the MCP server to communicate with the AXLE engine, handling client requests appropriately, and interpreting the responses from the AXLE engine to provide useful feedback to the user. Additionally, ensure that your application is well-structured, modular, and follows best practices in Python development.
