astrodynamics-mcp

v0.4.0 malicious
8.0
High Risk

Model Context Protocol server giving any LLM client authoritative astrodynamics tools — TLE/SGP4, Lambert, ground-station access, time/frame conversions, porkchop, B-plane.

🤖 AI Analysis

Final verdict: MALICIOUS

The package exhibits high credential harvesting risk and moderate obfuscation risk, indicating potential malicious activities. These factors strongly suggest a supply-chain attack.

  • High credential risk (9/10) targeting sensitive files
  • Moderate obfuscation risk (7/10) suggesting hidden malicious functionality

Per-check LLM notes

  • Network: The observed network calls are typical for packages that need to interact with external services, but their legitimacy depends on the package's intended functionality.
  • Shell: No shell execution patterns were detected, which is normal and expected.
  • Obfuscation: The presence of obfuscated code patterns suggests potential malicious intent as they may be used to hide harmful functionality.
  • Credentials: The detected patterns strongly indicate an attempt to harvest credentials, specifically aiming for sensitive files like '/etc/passwd', which poses a significant security risk.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags are present.

📦 Package Quality Overall: Medium (6.4/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 5 test file(s) detected (e.g. _gmat_helpers.py)

✦ High Documentation 9.0

Well-documented package

  • Documentation URL: "Documentation" -> https://astro-tools.github.io/astrodynamics-mcp/
  • 1 documentation file(s) (e.g. _hooks.py)
  • Detailed PyPI description (12309 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 401 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 79 commits in astro-tools/astrodynamics-mcp
  • Single author but highly active (79 commits)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • None: async with httpx.AsyncClient( timeout=_HTTP_TIMEOUT, headers=_HTTP_HEADER
  • this path. """ return httpx.AsyncClient( base_url=_BASE_URL, timeout=_HTTP_TIMEOUT,
  • None: async with httpx.AsyncClient(timeout=_HTTP_TIMEOUT) as owned_client: resp

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ce before a ``[spice]``-extra eval (or from a future CI provisioning step); it is deliberately

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • sal # sink: "../../etc/passwd" climbs out of output_dir, and an # absolute na
  • # ("output_dir / '/etc/passwd'" -> "/etc/passwd"). Resolve the # candidate an
  • tput_dir / '/etc/passwd'" -> "/etc/passwd"). Resolve the # candidate and require it to si

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository astro-tools/astrodynamics-mcp appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Dimitrije Jankovic" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
