We ran a security scan on @stackmemoryai/stackmemory@1.10.5 as part of our MCP ecosystem monitoring.
Score: 40/100
Risk: HIGH
Findings
- [MEDIUM] excessive dependencies: Package has 38 runtime dependencies (high attack surface)
- [HIGH] command injection: Potential command injection: shell execution with template literal input
- [HIGH] unsafe eval: Uses eval() with dynamic input
What this checks
Install scripts, prompt injection patterns in metadata, suspicious URLs, source code patterns (command injection, unsafe eval, hardcoded secrets), dependency count, metadata completeness, and publisher provenance.
How to verify
You can scan this package yourself at https://agentscores.xyz/scan or via the API:
curl "https://agentscores.xyz/api/scan?npm=%40stackmemoryai%2Fstackmemory"
This is an automated scan. If any finding is incorrect, we'd appreciate knowing so we can improve detection accuracy.
Full written reviews with hardening recommendations: https://agentscores.xyz/security-review
Scanned by AgentScore MCP security monitoring.