This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Multiple LLM analyses confirm malicious file reading, email forwarding, and data exfiltration attempts within the package. Lack of source info adds to suspicion.
The package riseandignite/mcp-shield is highly suspicious and likely malicious based on the collected evidence. While YARA matches alone are insufficient, the multiple LLM-based analyses pointing to malicious behavior within mcp-servers-example/bad-mcp-server.js are highly concerning. These analyses consistently identify attempts to read sensitive files (including SSH keys and configuration files) using path traversal, exfiltrate data via email forwarding to a known malicious actor ('attacker@evil.com'), and redirect messages to a malicious phone number, potentially exfiltrating chat logs. The consistent pattern of malicious activities across multiple LLM analyses, despite the low confidence score of each individual analysis, strongly suggests a malicious intent. The lack of source project information (Evidence 7) further exacerbates the suspicion, as it hinders verification and transparency. Even though the confidence level of individual pieces of evidence is medium, the convergence of multiple independent LLM analyses pointing towards malicious behavior makes the overall assessment high confidence.