mne-mcp

v0.2.0 suspicious
6.0
Medium Risk

A Model Context Protocol server for MNE-Python neurophysiology analysis (EEG / MEG / sEEG / ECoG / fNIRS)

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has high obfuscation and metadata risks due to the use of eval and exec, and the lack of community engagement and maintainer activity.

  • High obfuscation risk due to use of eval and exec
  • Low community engagement and new maintainer
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communications.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: The use of eval and exec with dynamically compiled code suggests potential for code injection and obfuscation, indicating a higher risk.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The repository is very new with no community engagement, and the maintainer seems to be new or inactive.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • result_value = eval( compile(ast.Expression(last_expr.va
  • ree.body: exec( compile(tree, "<mne-mcp>", "exec"), self.na
  • exec( compile(tree, "<mne-mcp>", "exec"), self.namespace,
  • rgs.reset: path = __import__( "mne_mcp.config", fromlist=["reset_config"] ).reset_config() print(f"Reset defaults to built-
  • None: try: mod = __import__(module_name) return getattr(mod, "__version__", "unknown") e
  • = Session() s.set("arr", __import__("numpy").zeros((3, 4))) assert s.has("arr") assert "arr" in
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 4 day(s) ago (2026-06-01T11:49:30Z)

  • Repository created very recently: 4 day(s) ago (2026-06-01T11:49:30Z)
  • Repository has zero stars and zero forks
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T04:24:23.000Z)
  • Author "MNE MCP Contributors" appears to have only 1 package on PyPI (new or inactive account)