Back to Dashboard

100

capsulemcp

soil-dev/capsulemcp

Model Context Protocol server for Capsule CRM. Lets Claude (Desktop, Code, or web Projects via Custom Connector) read and write your CRM in plain English. Covers contacts, opportunities, projects, tasks, timeline activity, structured filters, saved filters with sort, workflow tracks, file attachments, audit, and batch fetches.

capsulemcp045 files scannedMay 10, 2026

High risk — review the findings below

We found multiple concerning patterns in this package. Some of these might be legitimate (for example, a build tool might need to run commands), but you should review each finding below and decide if the explanations make sense for what this package claims to do.

What We Found(5 issues)

Each card explains what was found and what it means in plain English. Click "Technical details" for the full breakdown.

MEDIUMMED-004

Suspicious. This package loads code from an unknown location decided at runtime. We can't tell what it will actually run because it depends on a variable. This makes it harder to verify the package is safe.

Technical details

Dynamic require/import with variable arguments loads code determined at runtime. This can be used to load payloads that static analysis can't detect.

import(

scripts/wire-trace.ts:86

MEDIUMMED-004

Suspicious. This package loads code from an unknown location decided at runtime. We can't tell what it will actually run because it depends on a variable. This makes it harder to verify the package is safe.

Technical details

Dynamic require/import with variable arguments loads code determined at runtime. This can be used to load payloads that static analysis can't detect.

import(

scripts/wire-trace.ts:91

MEDIUMMED-004

Suspicious. This package loads code from an unknown location decided at runtime. We can't tell what it will actually run because it depends on a variable. This makes it harder to verify the package is safe.

Technical details

Dynamic require/import with variable arguments loads code determined at runtime. This can be used to load payloads that static analysis can't detect.

import(

scripts/wire-trace.ts:94

MEDIUMMED-004

Suspicious. This package loads code from an unknown location decided at runtime. We can't tell what it will actually run because it depends on a variable. This makes it harder to verify the package is safe.

Technical details

Dynamic require/import with variable arguments loads code determined at runtime. This can be used to load payloads that static analysis can't detect.

import(

scripts/wire-trace.ts:97

MEDIUMMED-004

Suspicious. This package loads code from an unknown location decided at runtime. We can't tell what it will actually run because it depends on a variable. This makes it harder to verify the package is safe.

Technical details

Dynamic require/import with variable arguments loads code determined at runtime. This can be used to load payloads that static analysis can't detect.

import(

scripts/wire-trace.ts:105

Finding Summary

0

Critical

0

High

5

Medium

0

Low

0

Info