operativa-mcp

v0.1.3 suspicious
6.0
Medium Risk

Executive AI & Systems Consultant - MCP Server

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant shell execution risk and moderate obfuscation, indicating potential for unintended behavior or vulnerabilities. While there is no clear evidence of malicious intent, the combination of these factors raises concerns about its safety.

  • High shell risk due to external command execution
  • Moderate obfuscation through base64 encoding

Per-check LLM notes

  • Network: The network calls appear to be related to OAuth authentication and fetching user information from a website, which could be legitimate depending on the package's functionality.
  • Shell: Executing external commands like 'ffmpeg', 'stt', and 'lo_cmd' can introduce risks if not properly sanitized or controlled, suggesting potential vulnerabilities or unintended behaviors.
  • Obfuscation: The use of base64 decoding suggests potential obfuscation, but it could also be part of normal data handling processes.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The package is new with low metadata quality and lacks a maintainer history.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • rmat=json" response = requests.get(oembed_url, timeout=5) if response.status_code == 20
  • Get OAuth URL response = httpx.get(f"{WEBSITE_URL}/auth/login") response.raise_for_status()
  • ry: verify_response = httpx.get( f"{WEBSITE_URL}/auth/me", params={"
  • to LinkedIn with httpx.Client() as client: response = client.post(
  • } with httpx.Client() as client: # Register upload
  • ts/{path}" response = httpx.get(url, headers=self.headers) response.raise_for_status

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • " in data: return base64.b64decode(data["content"]) else: raise ValueError(
  • as conn: inspector = __import__('sqlalchemy').inspect(engine) columns = {col['name'] for col in i

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • import sys try: subprocess.run( [sys.executable, "-m", "src.mcp_server.server"]
  • """ try: result = subprocess.run( ["ffmpeg", "-y", "-i", video_path, "-ar", "1600
  • macOS STT") result = subprocess.run(["stt", wav_path], capture_output=True, text=True, timeout=6
  • p() try: result = subprocess.run( [lo_cmd, "--headless", "--convert-to", "docx",
  • {} try: result = subprocess.run( ["sips", "-g", "all", file_path], c
  • "} try: result = subprocess.run( [pdftotext, "-layout", file_path, "-"],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: operativa.app

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 8.0

4 maintainer concern(s) found

  • Package uploaded less than 24 hours ago (2026-06-05T03:44:46.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)