context7
upstash/context7Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors
Verified publisher — Upstash
This package is from Upstash, a verified publisher. Database/cache infrastructure. The findings below are expected for this type of tool — for example, a payment SDK will read API keys, and a browser tool will use child_process. These patterns are normal for a verified publisher, not signs of malice.
What We Found(30 issues)
Each card explains what was found and what it means in plain English. Click "Technical details" for the full breakdown.
Caution. This package can open a terminal on your computer and run any command it wants — with YOUR permissions. It could delete files, install malware, or steal your data without you seeing anything happen.
Technical details
Importing child_process gives the package ability to spawn shell commands. MCP servers should not need to execute arbitrary system commands.
import { spawn } from "child_process"Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
spawn(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
execSync(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package runs system commands on your computer. This is like giving someone the keys to your terminal. They could run anything — download files, change settings, or access your private data.
Technical details
Direct process execution functions (exec, spawn) can run arbitrary commands. Combined with user input, this enables remote code execution.
exec(Caution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.GITHUB_TOKENCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.GH_TOKENCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.CLIENT_IP_ENCRYPTION_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.API_KEYCaution. This package reads your secret passwords and API tokens from your system. If it also has network access, your credentials could be sent to someone else's server. Check WHY it needs your secrets.
Technical details
Reading sensitive environment variables (tokens, secrets, keys, passwords) suggests data exfiltration. MCP servers should declare required env vars, not silently read secrets.
process.env.AWS_BEARER_TOKEN_BEDROCKSuspicious. This package downloads code from paste sites or raw URLs instead of using normal package managers. This is a common trick to sneak in malicious code that doesn't show up in the package itself.
Technical details
Network requests to paste sites or raw GitHub content may indicate payload downloading. Legitimate dependencies use npm, not pastebins.
raw.githubusercontentSuspicious. This package downloads code from paste sites or raw URLs instead of using normal package managers. This is a common trick to sneak in malicious code that doesn't show up in the package itself.
Technical details
Network requests to paste sites or raw GitHub content may indicate payload downloading. Legitimate dependencies use npm, not pastebins.
raw.githubusercontentSuspicious. This package downloads code from paste sites or raw URLs instead of using normal package managers. This is a common trick to sneak in malicious code that doesn't show up in the package itself.
Technical details
Network requests to paste sites or raw GitHub content may indicate payload downloading. Legitimate dependencies use npm, not pastebins.
raw.githubusercontentSuspicious. This package downloads code from paste sites or raw URLs instead of using normal package managers. This is a common trick to sneak in malicious code that doesn't show up in the package itself.
Technical details
Network requests to paste sites or raw GitHub content may indicate payload downloading. Legitimate dependencies use npm, not pastebins.
raw.githubusercontentSuspicious. This package downloads code from paste sites or raw URLs instead of using normal package managers. This is a common trick to sneak in malicious code that doesn't show up in the package itself.
Technical details
Network requests to paste sites or raw GitHub content may indicate payload downloading. Legitimate dependencies use npm, not pastebins.
raw.githubusercontentSuspicious. This package downloads code from paste sites or raw URLs instead of using normal package managers. This is a common trick to sneak in malicious code that doesn't show up in the package itself.
Technical details
Network requests to paste sites or raw GitHub content may indicate payload downloading. Legitimate dependencies use npm, not pastebins.
raw.githubusercontentFinding Summary
0
Critical
24
High
6
Medium
0
Low
0
Info