awslabs.openapi-mcp-server

v1.1.0 malicious
8.0
High Risk

An AWS Labs Model Context Protocol (MCP) server for OpenAPI

🤖 AI Analysis

Final verdict: MALICIOUS

The package exhibits high credential risk due to suspicious file access patterns and significant obfuscation, suggesting potential malicious intent. These factors outweigh the benign nature of its network and metadata risks.

  • High credential risk due to attempted access of '/etc/shadow.json'
  • Significant obfuscation through base64 decoding
Per-check LLM notes
  • Network: The package uses standard HTTP requests and asynchronous clients which are common for interacting with APIs or services. This is likely part of its intended functionality.
  • Shell: No shell execution patterns were detected, indicating no risk from this aspect.
  • Obfuscation: The use of base64 decoding for payloads may indicate an attempt to hide code or data from casual inspection, which is not inherently malicious but increases suspicion.
  • Credentials: Accessing '/etc/shadow.json' and similar paths suggests an attempt to read sensitive system files, which is highly indicative of malicious activity aimed at harvesting credentials.
  • Metadata: The presence of non-HTTPS links and the author having only one package may indicate a less established project, but no clear signs of malicious intent.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 27 test file(s) found

  • Test runner config found: pyproject.toml
  • 27 test file(s) detected (e.g. test_api_name.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://awslabs.github.io/mcp/servers/openapi-mcp-server/
  • Detailed PyPI description (23035 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 102 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 42 unique contributor(s) across 100 commits in awslabs/mcp
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • int}') response = requests.post(token_endpoint, headers=headers, data=data) if
  • tion pooling client = httpx.AsyncClient( base_url=base_url, headers=headers,
  • y: response = httpx.get(url, timeout=10.0) response.raise_for_status
  • te HTTP client async with httpx.AsyncClient(base_url='http://localhost:8002') as client: logger.
Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • decoded_payload = base64.b64decode(payload).decode('utf-8') import json
  • decoded = base64.b64decode(payload) payload_data = json.loads(d
  • amespace packages. __path__ = __import__('pkgutil').extend_path(__path__, __name__) # Copyright Amazon.com, In
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • 'spec_path': '/etc/shadow.json', 'base_url': 'https://public-api.exam
  • resolved.__str__ = lambda s: '/etc/shadow.json' MockPath.return_value.resolve.return_value =
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: users.noreply.github.com>

Suspicious Page Links score 8.0

Found 4 suspicious link(s) on the package page

  • Non-HTTPS external link: http://10.0.0.5:8080/openapi.json
  • Non-HTTPS external link: http://10.0.0.5:8080
  • Non-HTTPS external link: http://...`
  • Non-HTTPS external link: http://`
Git Repository History

Repository awslabs/mcp appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Amazon Web Services" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!