diff --git a/CHANGELOG.md b/CHANGELOG.md index 70b2b29..44cf985 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -113,6 +113,75 @@ Pattern engine: 37 rules -> 40 rules. --- +## [1.2.0] - 2026-05-16 + +### Added + +**Justified suppression and false positive feedback (Part 14)** + +Two new suppression keywords on top of the existing `bawbel-ignore` system: + +- `bawbel-ignore` with metadata fields (`reason`, `reviewer`, `reviewed`) declares a + false positive permanently. The reason is recorded in the audit trail. +- `bawbel-accept` with an `expires` field declares an accepted risk. When the expiry + date passes, the finding resurfaces automatically as an active finding on the next scan. + +`bawbel accept` CLI command inserts justified suppression comments directly into source +files. `bawbel accept --list` shows all accepted findings. `bawbel accept --expiring-soon` +shows findings expiring within a configurable window and exits 1 for CI use. + +Anonymous FP signals can be sent to PiranhaDB via `--report`. Only AVE ID, engine, +confidence score, and a hash of the match context are sent. No file content. + +`ScanResult.accepted_findings` is a new field in JSON output containing full metadata +for each justified suppression. + +**New detection rules** + +Three new AVE records and pattern rules: + +- `bawbel-hook-hijack` (AVE-2026-00046): MCP tool hook hijacking. CRITICAL, AIVSS 9.1. + Detects skill files that register hooks to intercept or redirect tool execution calls. +- `bawbel-hardcoded-credential` (AVE-2026-00047): Hardcoded credentials. HIGH, AIVSS 7.8. + Detects API keys, tokens, passwords, private keys, and URL-embedded credentials. +- `bawbel-unsafe-delegation` (AVE-2026-00048): Unsafe agent delegation chain. HIGH, AIVSS 8.2. + Detects sub-agent spawning with inherited permissions and no trust boundary. + +Pattern engine: 37 rules -> 40 rules. + +**New commands** + +- `bawbel creds `: credential-focused scan, filters to AVE-2026-00047 and related + rules. Same output format as `bawbel scan`. Supports `--recursive`, `--no-ignore`, + `--fail-on-any`, `--format json`. +- `bawbel chain `: delegation chain scanner, filters to AVE-2026-00048 and related + rules. Same flags as `bawbel creds`. + +**`bawbel report` improvements** + +- Added `--recursive` / `-r` flag. `bawbel report ./skills/ --recursive` generates + a full remediation report for every file in the directory. +- Added `--no-ignore` flag matching `bawbel scan`. + +### Changed + +- `scanner.py` Step 10 added: justified suppression runs after Step 9 (inline suppression). + Expired accepted risks are re-surfaced as active findings at this stage. +- Pattern engine rule count: 37 -> 40. + +### Fixed + +- `pr-review.yml` regression-check job: missing `pip install -e .` caused scan import + failures on clean repos. +- `ci.yml` test job: missing `pip install -e .` caused import failures. +- `ci.yml` Docker verify step: `python3 -c "..."` with f-strings caused shell brace + expansion to mangle the script before Python saw it. Replaced with single-line + assertion using no f-strings. +- `ci.yml` Docker verify step: wrong `aivss` field name (should be `aivss_score`), + wrong threshold (9.0 should be 7.0 to match actual fixture score). + +--- + ## [1.1.1] - 2026-05-07 ### Fixed diff --git a/README.md b/README.md index 0e1624b..b10782f 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ # Bawbel Scanner + + **The only open-source scanner that produces OWASP AIVSS scores for MCP servers and skill files. Never executes code.** @@ -29,7 +31,7 @@ bawbel scan ./skills/ # scan skill files bawbel ssc https://server # scan MCP server without starting it ``` -Bawbel Scanner demo +Bawbel Scanner demo --- diff --git a/scripts/smithery_scan_results.json b/scripts/smithery_scan_results.json new file mode 100644 index 0000000..0320584 --- /dev/null +++ b/scripts/smithery_scan_results.json @@ -0,0 +1,11359 @@ +{ + "schema_version": "1.0.0", + "scan_date": "2026-05-20T13:28:35.553925+00:00", + "source": "smithery", + "scanner_version": "Bawbel Scanner v1.2.2 · github.com/bawbel/scanner", + "servers_scanned": 497, + "servers_with_findings": 76, + "servers_clean": 421, + "servers_with_toxic_flows": 15, + "total_findings": 95, + "total_toxic_flows": 22, + "flaw_rate_pct": 15.3, + "aivss_avg": 7.0, + "aivss_max": 9.1, + "by_severity": { + "HIGH": 81, + "CRITICAL": 12, + "MEDIUM": 2 + }, + "top_ave_ids": [ + [ + "AVE-2026-00024", + 30 + ], + [ + "AVE-2026-00013", + 13 + ], + [ + "AVE-2026-00026", + 10 + ], + [ + "AVE-2026-00011", + 9 + ], + [ + "AVE-2026-00002", + 6 + ], + [ + "AVE-2026-00003", + 5 + ], + [ + "AVE-2026-00032", + 4 + ], + [ + "AVE-2026-00027", + 3 + ], + [ + "AVE-2026-00047", + 3 + ], + [ + "AVE-2026-00021", + 3 + ] + ], + "top_owasp_mcp": [ + [ + "MCP05", + 33 + ], + [ + "MCP04", + 30 + ], + [ + "MCP01", + 28 + ], + [ + "MCP03", + 15 + ], + [ + "MCP08", + 14 + ] + ], + "results": [ + { + "rank": 1, + "qualified_name": "exa", + "display_name": "Exa Search", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:24.696776+00:00" + }, + { + "rank": 2, + "qualified_name": "gmail", + "display_name": "Gmail", + "tools_count": 20, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:25.345266+00:00" + }, + { + "rank": 3, + "qualified_name": "upstash/context7-mcp", + "display_name": "Context7", + "tools_count": 2, + "risk_score": 7.3, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-mcp-tool-poisoning", + "ave_id": "AVE-2026-00002", + "title": "MCP tool description injection detected", + "description": "MCP server tool description contains instructions targeting the AI agent rather than describing the tool's functionality. Classic MCP tool poisoning attack.", + "severity": "HIGH", + "aivss_score": 7.3, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.3, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 27, + "match": "IMPORTANT: Do not", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI03" + ], + "owasp_mcp": [ + "MCP03", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00002" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:24.687567+00:00" + }, + { + "rank": 4, + "qualified_name": "brave", + "display_name": "Brave Search", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:24.711785+00:00" + }, + { + "rank": 5, + "qualified_name": "parallel/search", + "display_name": "Parallel Web Search", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:27.846606+00:00" + }, + { + "rank": 6, + "qualified_name": "LinkupPlatform/linkup-mcp-server", + "display_name": "Linkup", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:28.028821+00:00" + }, + { + "rank": 7, + "qualified_name": "jina", + "display_name": "Jina AI", + "tools_count": 21, + "risk_score": 9.1, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:28.004107+00:00" + }, + { + "rank": 8, + "qualified_name": "microsoft/learn_mcp", + "display_name": "Microsoft Learn MCP", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:28.449830+00:00" + }, + { + "rank": 9, + "qualified_name": "Supabase", + "display_name": "Supabase", + "tools_count": 29, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:31.198379+00:00" + }, + { + "rank": 10, + "qualified_name": "clay-inc/clay-mcp", + "display_name": "Mesh MCP", + "tools_count": 20, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:31.361450+00:00" + }, + { + "rank": 11, + "qualified_name": "github", + "display_name": "GitHub", + "tools_count": 86, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:31.649028+00:00" + }, + { + "rank": 12, + "qualified_name": "Tavily", + "display_name": "Tavily", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:31.543064+00:00" + }, + { + "rank": 13, + "qualified_name": "notion", + "display_name": "Notion", + "tools_count": 14, + "risk_score": 4.9, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-system-prompt-leak", + "ave_id": "AVE-2026-00015", + "title": "System prompt extraction attempt detected", + "description": "Component instructs agent to reveal its system prompt, operating instructions, or other confidential configuration.", + "severity": "MEDIUM", + "aivss_score": 4.9, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.9, + "aivss_severity": "MEDIUM", + "spec_version": "0.8" + }, + "line": 492, + "match": "display configuration", + "engine": "pattern", + "owasp": [ + "ASI09" + ], + "owasp_mcp": [ + "MCP10", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00015" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:34.693762+00:00" + }, + { + "rank": 14, + "qualified_name": "onesignal/onesignal", + "display_name": "OneSignal", + "tools_count": 31, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-tool-output-exfil", + "ave_id": "AVE-2026-00026", + "title": "Exfiltration via tool output encoding", + "description": "Component instructs the agent to encode sensitive data inside tool call parameters or return values for covert exfiltration.", + "severity": "CRITICAL", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": 103, + "match": "Base64 integer token", + "engine": "pattern", + "owasp": [ + "ASI06", + "ASI04" + ], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:34.722624+00:00" + }, + { + "rank": 15, + "qualified_name": "linear", + "display_name": "Linear", + "tools_count": 25, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:34.773217+00:00" + }, + { + "rank": 16, + "qualified_name": "browserbase", + "display_name": "Browserbase", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:34.732152+00:00" + }, + { + "rank": 17, + "qualified_name": "googlesheets", + "display_name": "Google Sheets", + "tools_count": 38, + "risk_score": 7.3, + "findings_count": 2, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_gla8o39c.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 97%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "bawbel-mcp-tool-poisoning", + "ave_id": "AVE-2026-00002", + "title": "MCP tool description injection detected", + "description": "MCP server tool description contains instructions targeting the AI agent rather than describing the tool's functionality. Classic MCP tool poisoning attack.", + "severity": "HIGH", + "aivss_score": 7.3, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.3, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 6, + "match": "WARNING: Do not", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI03" + ], + "owasp_mcp": [ + "MCP03", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00002" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:38.411442+00:00" + }, + { + "rank": 18, + "qualified_name": "reddit", + "display_name": "Reddit", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:38.105740+00:00" + }, + { + "rank": 19, + "qualified_name": "slack", + "display_name": "Slack", + "tools_count": 142, + "risk_score": 8.4, + "findings_count": 2, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_23omcntr.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 97%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "AVE_MultiTurnAttack", + "ave_id": "AVE-2026-00027", + "title": "AVE_MultiTurnAttack", + "description": "YARA rule matched", + "severity": "HIGH", + "aivss_score": 8.4, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.4, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "retain", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP06", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00027" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:38.616875+00:00" + }, + { + "rank": 20, + "qualified_name": "googledrive", + "display_name": "Google Drive", + "tools_count": 20, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:38.245692+00:00" + }, + { + "rank": 21, + "qualified_name": "googletasks", + "display_name": "Google Tasks", + "tools_count": 14, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:41.645297+00:00" + }, + { + "rank": 22, + "qualified_name": "googlecalendar", + "display_name": "Google Calendar", + "tools_count": 29, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_mu3b5gbq.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 84%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:41.787928+00:00" + }, + { + "rank": 23, + "qualified_name": "googlesuper", + "display_name": "Google Super", + "tools_count": 200, + "risk_score": 9.3, + "findings_count": 3, + "toxic_flows_count": 2, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + }, + { + "rule_id": "bawbel-mcp-tool-poisoning", + "ave_id": "AVE-2026-00002", + "title": "MCP tool description injection detected", + "description": "MCP server tool description contains instructions targeting the AI agent rather than describing the tool's functionality. Classic MCP tool poisoning attack.", + "severity": "HIGH", + "aivss_score": 7.3, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.3, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 42, + "match": "WARNING: Do not", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI03" + ], + "owasp_mcp": [ + "MCP03", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00002" + }, + { + "rule_id": "bawbel-scope-creep", + "ave_id": "AVE-2026-00022", + "title": "Scope creep - accessing undeclared resources", + "description": "Component instructs agent to access files, APIs, or systems beyond the scope declared in its manifest.", + "severity": "MEDIUM", + "aivss_score": 6.0, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.0, + "aivss_severity": "MEDIUM", + "spec_version": "0.8" + }, + "line": 725, + "match": "Search all file", + "engine": "pattern", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP02" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00022" + } + ], + "toxic_flows": [ + { + "flow_id": "tool-poison-with-exfil", + "title": "Tool Poisoning + Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00002", + "AVE-2026-00026" + ], + "capabilities": [ + "tool-poison", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.3, + "description": "Component poisons tool descriptions AND exfiltrates data. The tool poisoning hijacks agent behavior, while the exfil instructions transmit the stolen data - a silent harvest chain.", + "owasp_mcp": [ + "MCP03", + "MCP01" + ], + "remediation": "1. Remove all behavioral instructions from tool descriptions. 2. Remove all data transmission instructions. 3. Scan with bawbel scan-server-card before connecting any MCP server." + }, + { + "flow_id": "scope-expand-with-exfil", + "title": "Scope Expansion + Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00022", + "AVE-2026-00026" + ], + "capabilities": [ + "scope-expand", + "data-exfil" + ], + "severity": "HIGH", + "aivss_score": 8.7, + "description": "Component expands its declared scope to access undeclared resources AND exfiltrates data. Accesses more than declared, transmits the excess - a scope creep + exfiltration chain.", + "owasp_mcp": [ + "MCP02", + "MCP01" + ], + "remediation": "1. Remove all undeclared resource access instructions. 2. Remove all data transmission instructions. 3. Declare all required permissions explicitly in the component manifest." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:43.131840+00:00" + }, + { + "rank": 24, + "qualified_name": "outlook", + "display_name": "Outlook", + "tools_count": 51, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:42.168927+00:00" + }, + { + "rank": 25, + "qualified_name": "instagram", + "display_name": "Instagram", + "tools_count": 16, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:44.949561+00:00" + }, + { + "rank": 26, + "qualified_name": "youtube", + "display_name": "Youtube", + "tools_count": 16, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:45.102421+00:00" + }, + { + "rank": 27, + "qualified_name": "clickhouse", + "display_name": "ClickHouse", + "tools_count": 13, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:45.329899+00:00" + }, + { + "rank": 28, + "qualified_name": "docfork/docfork", + "display_name": "Docfork", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:46.287467+00:00" + }, + { + "rank": 29, + "qualified_name": "googledocs", + "display_name": "Google Docs", + "tools_count": 33, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:48.540580+00:00" + }, + { + "rank": 30, + "qualified_name": "workos", + "display_name": "WorkOS", + "tools_count": 127, + "risk_score": 9.1, + "findings_count": 2, + "toxic_flows_count": 3, + "findings": [ + { + "rule_id": "bawbel-tool-output-exfil", + "ave_id": "AVE-2026-00026", + "title": "Exfiltration via tool output encoding", + "description": "Component instructs the agent to encode sensitive data inside tool call parameters or return values for covert exfiltration.", + "severity": "CRITICAL", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": 801, + "match": "encoded shared secret", + "engine": "pattern", + "owasp": [ + "ASI06", + "ASI04" + ], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + }, + { + "rule_id": "AVE_MultiTurnAttack", + "ave_id": "AVE-2026-00027", + "title": "AVE_MultiTurnAttack", + "description": "YARA rule matched", + "severity": "HIGH", + "aivss_score": 8.4, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.4, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "retain", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP06", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00027" + } + ], + "toxic_flows": [ + { + "flow_id": "persistence-with-exfil", + "title": "Persistence + Data Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00026", + "AVE-2026-00027" + ], + "capabilities": [ + "persistence", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.1, + "description": "Component establishes persistence AND exfiltrates data. The persistence ensures the exfiltration continues across sessions and context resets - a long-running data harvest chain.", + "owasp_mcp": [ + "MCP06", + "MCP01" + ], + "remediation": "1. Remove all persistence instructions. 2. Remove all data transmission instructions. 3. Scan all startup scripts and cron entries for injected instructions." + }, + { + "flow_id": "goal-override-with-exfil", + "title": "Goal Override + Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00026", + "AVE-2026-00027" + ], + "capabilities": [ + "goal-override", + "data-exfil" + ], + "severity": "HIGH", + "aivss_score": 8.8, + "description": "Component overrides agent goals AND exfiltrates data. The override disables safety constraints, the exfil transmits whatever the agent can access - a combined hijack + harvest chain.", + "owasp_mcp": [ + "MCP06", + "MCP01" + ], + "remediation": "1. Remove all goal override instructions. 2. Remove all data transmission instructions." + }, + { + "flow_id": "covert-exfil-with-persistence", + "title": "Covert Channel + Persistence Chain", + "ave_ids": [ + "AVE-2026-00026", + "AVE-2026-00027" + ], + "capabilities": [ + "covert-channel", + "persistence" + ], + "severity": "HIGH", + "aivss_score": 8.6, + "description": "Component uses a covert channel (steganography, timing) to exfiltrate data AND establishes persistence. The covert channel evades detection, the persistence ensures long-term access - a stealthy harvest chain.", + "owasp_mcp": [ + "MCP08", + "MCP06" + ], + "remediation": "1. Remove all steganographic encoding or covert channel instructions. 2. Remove all persistence instructions. 3. Audit agent outputs for encoded data using forensic tooling." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:48.854256+00:00" + }, + { + "rank": 31, + "qualified_name": "google_search_console", + "display_name": "Google search console", + "tools_count": 6, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_2m8_4omy.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 76%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:48.529240+00:00" + }, + { + "rank": 32, + "qualified_name": "vercel/grep", + "display_name": "Vercel Grep", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:49.416967+00:00" + }, + { + "rank": 33, + "qualified_name": "hugeicons/mcp-server", + "display_name": "Hugeicons MCP Server", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:52.378276+00:00" + }, + { + "rank": 34, + "qualified_name": "blockscout/mcp-server", + "display_name": "Blockscout MCP Server", + "tools_count": 16, + "risk_score": 5.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-context-manipulation", + "ave_id": "AVE-2026-00023", + "title": "Model context window manipulation", + "description": "Component attempts to overflow or manipulate the model context window to push out safety instructions or prior context.", + "severity": "HIGH", + "aivss_score": 5.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 5.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 26, + "match": "exhaust the context", + "engine": "pattern", + "owasp": [ + "ASI01" + ], + "owasp_mcp": [ + "MCP10", + "MCP06" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00023" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:54.247950+00:00" + }, + { + "rank": 35, + "qualified_name": "agentmail", + "display_name": "AgentMail", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:52.963698+00:00" + }, + { + "rank": 36, + "qualified_name": "databutton/databutton-mcp", + "display_name": "Databutton", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:53.982260+00:00" + }, + { + "rank": 37, + "qualified_name": "hamid-vakilzadeh/mcpsemanticscholar", + "display_name": "AI Research Assistant", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:57.184170+00:00" + }, + { + "rank": 38, + "qualified_name": "aniruddha-adhikary/gahmen-mcp", + "display_name": "MCP Server for Singapore Government Open Data", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:57.711289+00:00" + }, + { + "rank": 39, + "qualified_name": "zwldarren/akshare-one-mcp", + "display_name": "AKShare One MCP Server", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:58.715337+00:00" + }, + { + "rank": 40, + "qualified_name": "TitanSneaker/paper-search-mcp-openai-v2", + "display_name": "paper-search-mcp-openai-v2", + "tools_count": 25, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:18:59.068443+00:00" + }, + { + "rank": 41, + "qualified_name": "adamamer20/paper-search-mcp-openai", + "display_name": "Paper Search", + "tools_count": 25, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:01.966704+00:00" + }, + { + "rank": 42, + "qualified_name": "kkjdaniel/bgg-mcp", + "display_name": "BoardGameGeek", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:02.236524+00:00" + }, + { + "rank": 43, + "qualified_name": "blake365/macrostrat-mcp", + "display_name": "macrostrat-mcp", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:03.256284+00:00" + }, + { + "rank": 44, + "qualified_name": "aryankeluskar/polymarket-mcp", + "display_name": "Polymarket", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:03.745022+00:00" + }, + { + "rank": 45, + "qualified_name": "hjsh200219/fortuneteller", + "display_name": "Saju Insights", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:06.408827+00:00" + }, + { + "rank": 46, + "qualified_name": "contrastcyber/contrastapi", + "display_name": "ContrastAPI", + "tools_count": 53, + "risk_score": 9.1, + "findings_count": 2, + "toxic_flows_count": 3, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + }, + { + "rule_id": "AVE_MultiTurnAttack", + "ave_id": "AVE-2026-00027", + "title": "AVE_MultiTurnAttack", + "description": "YARA rule matched", + "severity": "HIGH", + "aivss_score": 8.4, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.4, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "retain", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP06", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00027" + } + ], + "toxic_flows": [ + { + "flow_id": "persistence-with-exfil", + "title": "Persistence + Data Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00026", + "AVE-2026-00027" + ], + "capabilities": [ + "persistence", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.1, + "description": "Component establishes persistence AND exfiltrates data. The persistence ensures the exfiltration continues across sessions and context resets - a long-running data harvest chain.", + "owasp_mcp": [ + "MCP06", + "MCP01" + ], + "remediation": "1. Remove all persistence instructions. 2. Remove all data transmission instructions. 3. Scan all startup scripts and cron entries for injected instructions." + }, + { + "flow_id": "goal-override-with-exfil", + "title": "Goal Override + Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00026", + "AVE-2026-00027" + ], + "capabilities": [ + "goal-override", + "data-exfil" + ], + "severity": "HIGH", + "aivss_score": 8.8, + "description": "Component overrides agent goals AND exfiltrates data. The override disables safety constraints, the exfil transmits whatever the agent can access - a combined hijack + harvest chain.", + "owasp_mcp": [ + "MCP06", + "MCP01" + ], + "remediation": "1. Remove all goal override instructions. 2. Remove all data transmission instructions." + }, + { + "flow_id": "covert-exfil-with-persistence", + "title": "Covert Channel + Persistence Chain", + "ave_ids": [ + "AVE-2026-00026", + "AVE-2026-00027" + ], + "capabilities": [ + "covert-channel", + "persistence" + ], + "severity": "HIGH", + "aivss_score": 8.6, + "description": "Component uses a covert channel (steganography, timing) to exfiltrate data AND establishes persistence. The covert channel evades detection, the persistence ensures long-term access - a stealthy harvest chain.", + "owasp_mcp": [ + "MCP08", + "MCP06" + ], + "remediation": "1. Remove all steganographic encoding or covert channel instructions. 2. Remove all persistence instructions. 3. Audit agent outputs for encoded data using forensic tooling." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:07.742271+00:00" + }, + { + "rank": 47, + "qualified_name": "node2flow/binance", + "display_name": "Binance", + "tools_count": 23, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_z9y71sy5.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 84%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:07.997221+00:00" + }, + { + "rank": 48, + "qualified_name": "isdaniel/mcp_weather_server", + "display_name": "Weather MCP Server", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:08.315681+00:00" + }, + { + "rank": 49, + "qualified_name": "smithery-ai/national-weather-service", + "display_name": "United States Weather", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:10.997502+00:00" + }, + { + "rank": 50, + "qualified_name": "waldzellai/clear-thought", + "display_name": "Clear Thought 1.5", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:12.345823+00:00" + }, + { + "rank": 51, + "qualified_name": "wtf-just-happened/stock-moves-explained", + "display_name": "Stock Catalyst", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:12.798052+00:00" + }, + { + "rank": 52, + "qualified_name": "sfiorini/youtube-mcp", + "display_name": "youtube-mcp", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:12.827189+00:00" + }, + { + "rank": 53, + "qualified_name": "Nekzus/npm-sentinel-mcp", + "display_name": "NPM Sentinel MCP", + "tools_count": 19, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:15.495563+00:00" + }, + { + "rank": 54, + "qualified_name": "linxule/lotus-wisdom-mcp", + "display_name": "Lotus Wisdom", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:16.829265+00:00" + }, + { + "rank": 55, + "qualified_name": "kennyckk/mcp_hkbus", + "display_name": "KMB Bus", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:17.352718+00:00" + }, + { + "rank": 56, + "qualified_name": "docfork/mcp", + "display_name": "Docfork", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:17.412950+00:00" + }, + { + "rank": 57, + "qualified_name": "plith/plith", + "display_name": "Plith", + "tools_count": 14, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:20.158107+00:00" + }, + { + "rank": 58, + "qualified_name": "gamzadongza/danbooru-tags-mcp", + "display_name": "Danbooru Tags", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:21.414766+00:00" + }, + { + "rank": 59, + "qualified_name": "petabloom/podcasts", + "display_name": "Podcast Transcripts On-Demand", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:21.922803+00:00" + }, + { + "rank": 60, + "qualified_name": "FaresYoussef94/aws-knowledge-mcp", + "display_name": "AWS Docs and Regions", + "tools_count": 5, + "risk_score": 8.2, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "Call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:22.144274+00:00" + }, + { + "rank": 61, + "qualified_name": "aryankeluskar/canvas-mcp", + "display_name": "Canvas", + "tools_count": 13, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:24.775710+00:00" + }, + { + "rank": 62, + "qualified_name": "xiaobenyang-com/rfc-server", + "display_name": "rfc-server", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:25.887020+00:00" + }, + { + "rank": 63, + "qualified_name": "pinkpixel-dev/web-scout-mcp", + "display_name": "Web Scout", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:26.535087+00:00" + }, + { + "rank": 64, + "qualified_name": "enji/ai-marketing-agent", + "display_name": "ai-marketing-agent", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:26.818292+00:00" + }, + { + "rank": 65, + "qualified_name": "kwp-lab/rss-reader-mcp", + "display_name": "RSS Reader", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:29.315105+00:00" + }, + { + "rank": 66, + "qualified_name": "re-rank/uiux-mcp", + "display_name": "KRDS Design System", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:30.323627+00:00" + }, + { + "rank": 67, + "qualified_name": "labsofuniverse/legacy-mcp-analyzer", + "display_name": "GraphPulse C++", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:31.188275+00:00" + }, + { + "rank": 68, + "qualified_name": "modellix/modellix-docs", + "display_name": "Modellix Docs", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:31.347765+00:00" + }, + { + "rank": 69, + "qualified_name": "hithereiamaliff/mcp-keywords-everywhere", + "display_name": "Keywords Everywhere MCP Server", + "tools_count": 14, + "risk_score": 5.7, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-mcp-impersonation", + "ave_id": "AVE-2026-00017", + "title": "MCP server impersonation or spoofing", + "description": "Component falsely claims to be an official or trusted MCP server to gain elevated trust or permissions from the agent.", + "severity": "HIGH", + "aivss_score": 5.7, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 5.7, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 5, + "match": "official MCP server", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI08" + ], + "owasp_mcp": [ + "MCP09", + "MCP07" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00017" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:33.807283+00:00" + }, + { + "rank": 70, + "qualified_name": "martin111ma-za5d/swiss-truth-mcp", + "display_name": "Swiss Truth MCP", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:34.746147+00:00" + }, + { + "rank": 71, + "qualified_name": "florian/weavely", + "display_name": "Weavely AI Forms & Surveys", + "tools_count": 13, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:35.753269+00:00" + }, + { + "rank": 72, + "qualified_name": "ai-research/Airesearchass", + "display_name": "AI Research Assistant", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:35.532275+00:00" + }, + { + "rank": 73, + "qualified_name": "OEvortex/ddg_search", + "display_name": "DuckDuckGo & Felo AI Search", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:39.555306+00:00" + }, + { + "rank": 74, + "qualified_name": "davidcho/ca-building-code-mcp", + "display_name": "Canadian Building Code", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:39.430043+00:00" + }, + { + "rank": 75, + "qualified_name": "jalpp/chessagine", + "display_name": "Chessagine", + "tools_count": 37, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:40.091168+00:00" + }, + { + "rank": 101, + "qualified_name": "ArizeAI/docs", + "display_name": "Arize AX", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:11.396695+00:00" + }, + { + "rank": 102, + "qualified_name": "atars-MCP/aarnaai", + "display_name": "aTars MCP by aarna", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:13.299556+00:00" + }, + { + "rank": 103, + "qualified_name": "vestara/america-law-graph", + "display_name": "America's Law Graph", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:15.448667+00:00" + }, + { + "rank": 104, + "qualified_name": "mcpdotdirect/starknet-mcp-server", + "display_name": "Starknet MCP Server", + "tools_count": 25, + "risk_score": 9.8, + "findings_count": 1, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "bawbel-crypto-drain", + "ave_id": "AVE-2026-00006", + "title": "Cryptocurrency drain pattern detected", + "description": "Component instructs agent to transfer cryptocurrency or interact with wallets in ways that suggest a drain attack.", + "severity": "CRITICAL", + "aivss_score": 7.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.5, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": 114, + "match": "Transfer ETH", + "engine": "pattern", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP05", + "MCP02" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00006" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003", + "AVE-2026-00006" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:40.263329+00:00" + }, + { + "rank": 104, + "qualified_name": "mcpdotdirect/starknet-mcp-server", + "display_name": "Starknet MCP Server", + "tools_count": 25, + "risk_score": 9.8, + "findings_count": 1, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "bawbel-crypto-drain", + "ave_id": "AVE-2026-00006", + "title": "Cryptocurrency drain pattern detected", + "description": "Component instructs agent to transfer cryptocurrency or interact with wallets in ways that suggest a drain attack.", + "severity": "CRITICAL", + "aivss_score": 7.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.5, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": 114, + "match": "Transfer ETH", + "engine": "pattern", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP05", + "MCP02" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00006" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003", + "AVE-2026-00006" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:14.087278+00:00" + }, + { + "rank": 105, + "qualified_name": "fruitflies/connect", + "display_name": "Fruitflies Agent Social Network", + "tools_count": 22, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 2, + "findings": [ + { + "rule_id": "bawbel-env-exfiltration", + "ave_id": "AVE-2026-00003", + "title": "Credential exfiltration pattern detected", + "description": "Component instructs agent to read and transmit environment variables, API keys, or other credentials to an external destination.", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 68, + "match": "API key required. Use the returned community id to join, post", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00003" + }, + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "Call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + }, + { + "flow_id": "tool-poison-with-exfil", + "title": "Tool Poisoning + Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003", + "AVE-2026-00011" + ], + "capabilities": [ + "tool-poison", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.3, + "description": "Component poisons tool descriptions AND exfiltrates data. The tool poisoning hijacks agent behavior, while the exfil instructions transmit the stolen data - a silent harvest chain.", + "owasp_mcp": [ + "MCP03", + "MCP01" + ], + "remediation": "1. Remove all behavioral instructions from tool descriptions. 2. Remove all data transmission instructions. 3. Scan with bawbel scan-server-card before connecting any MCP server." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:44.205994+00:00" + }, + { + "rank": 105, + "qualified_name": "fruitflies/connect", + "display_name": "Fruitflies Agent Social Network", + "tools_count": 22, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 2, + "findings": [ + { + "rule_id": "bawbel-env-exfiltration", + "ave_id": "AVE-2026-00003", + "title": "Credential exfiltration pattern detected", + "description": "Component instructs agent to read and transmit environment variables, API keys, or other credentials to an external destination.", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 68, + "match": "API key required. Use the returned community id to join, post", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00003" + }, + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "Call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + }, + { + "flow_id": "tool-poison-with-exfil", + "title": "Tool Poisoning + Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003", + "AVE-2026-00011" + ], + "capabilities": [ + "tool-poison", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.3, + "description": "Component poisons tool descriptions AND exfiltrates data. The tool poisoning hijacks agent behavior, while the exfil instructions transmit the stolen data - a silent harvest chain.", + "owasp_mcp": [ + "MCP03", + "MCP01" + ], + "remediation": "1. Remove all behavioral instructions from tool descriptions. 2. Remove all data transmission instructions. 3. Scan with bawbel scan-server-card before connecting any MCP server." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:16.186578+00:00" + }, + { + "rank": 106, + "qualified_name": "agentidx/agentcrawl", + "display_name": "AgentIndex", + "tools_count": 3, + "risk_score": 0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": "parse error", + "scanned_at": "2026-05-20T13:19:47.752549+00:00" + }, + { + "rank": 106, + "qualified_name": "agentidx/agentcrawl", + "display_name": "AgentIndex", + "tools_count": 3, + "risk_score": 0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": "parse error", + "scanned_at": "2026-05-20T13:20:21.648457+00:00" + }, + { + "rank": 107, + "qualified_name": "alperenkocyigit/authorprofilemcp", + "display_name": "authorprofilemcp", + "tools_count": 2, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_bhhdxcqz.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 85%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:44.648619+00:00" + }, + { + "rank": 107, + "qualified_name": "alperenkocyigit/authorprofilemcp", + "display_name": "authorprofilemcp", + "tools_count": 2, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_aube5euo.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 85%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:18.672448+00:00" + }, + { + "rank": 108, + "qualified_name": "standardaccounting/public-mcp", + "display_name": "Standard Accounting Public MCP", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:44.804353+00:00" + }, + { + "rank": 108, + "qualified_name": "standardaccounting/public-mcp", + "display_name": "Standard Accounting Public MCP", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:20.272128+00:00" + }, + { + "rank": 109, + "qualified_name": "chirag127/clear-thought-mcp-server", + "display_name": "Clear Thought Server", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:48.900127+00:00" + }, + { + "rank": 109, + "qualified_name": "chirag127/clear-thought-mcp-server", + "display_name": "Clear Thought Server", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:21.057274+00:00" + }, + { + "rank": 110, + "qualified_name": "geobio/context7", + "display_name": "Context7", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:48.986158+00:00" + }, + { + "rank": 110, + "qualified_name": "geobio/context7", + "display_name": "Context7", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:23.249418+00:00" + }, + { + "rank": 111, + "qualified_name": "voidly/mcp-server", + "display_name": "Voidly", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:49.335046+00:00" + }, + { + "rank": 111, + "qualified_name": "voidly/mcp-server", + "display_name": "Voidly", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:24.811760+00:00" + }, + { + "rank": 112, + "qualified_name": "minitim222/harvard-mit-course-recommendation", + "display_name": "Harvard Course Explorer", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:25.471384+00:00" + }, + { + "rank": 113, + "qualified_name": "FlashAlpha/options-analytics", + "display_name": "options-analytics", + "tools_count": 38, + "risk_score": 5.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-jailbreak-instruction", + "ave_id": "AVE-2026-00009", + "title": "Jailbreak instruction detected", + "description": "Component instructs the agent to act outside its intended role, pretend to be a different AI, or remove safety constraints.", + "severity": "HIGH", + "aivss_score": 5.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 5.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 77, + "match": "act as", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI08" + ], + "owasp_mcp": [ + "MCP06" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00009" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:26.638445+00:00" + }, + { + "rank": 114, + "qualified_name": "koumoul/ademe-opendata", + "display_name": "Opendata Ademe", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:27.825556+00:00" + }, + { + "rank": 115, + "qualified_name": "bh-rat/context-awesome", + "display_name": "Context Awesome", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:29.376559+00:00" + }, + { + "rank": 116, + "qualified_name": "EthanHenrickson/math-mcp", + "display_name": "Math-MCP", + "tools_count": 22, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:52.304612+00:00" + }, + { + "rank": 116, + "qualified_name": "EthanHenrickson/math-mcp", + "display_name": "Math-MCP", + "tools_count": 22, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:30.109271+00:00" + }, + { + "rank": 117, + "qualified_name": "etweisberg/mlb-mcp", + "display_name": "MLB Stats Server", + "tools_count": 46, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:53.649807+00:00" + }, + { + "rank": 117, + "qualified_name": "etweisberg/mlb-mcp", + "display_name": "MLB Stats Server", + "tools_count": 46, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:31.439277+00:00" + }, + { + "rank": 118, + "qualified_name": "DeniseLewis200081/rail", + "display_name": "12306 Ticket Search Server", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:53.535607+00:00" + }, + { + "rank": 118, + "qualified_name": "DeniseLewis200081/rail", + "display_name": "12306 Ticket Search Server", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:32.223274+00:00" + }, + { + "rank": 119, + "qualified_name": "dmasdfg8/test", + "display_name": "Find a Domain", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:53.812588+00:00" + }, + { + "rank": 119, + "qualified_name": "dmasdfg8/test", + "display_name": "Find a Domain", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:33.874532+00:00" + }, + { + "rank": 120, + "qualified_name": "Linell/grimoire-mcp", + "display_name": "Grimoire Spellbook Server", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:56.702604+00:00" + }, + { + "rank": 120, + "qualified_name": "Linell/grimoire-mcp", + "display_name": "Grimoire Spellbook Server", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:35.129740+00:00" + }, + { + "rank": 151, + "qualified_name": "rashforddamion/rivalsearch", + "display_name": "rivalsearch", + "tools_count": 18, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_qdkynp3h.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 84%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:58.514291+00:00" + }, + { + "rank": 151, + "qualified_name": "rashforddamion/rivalsearch", + "display_name": "rivalsearch", + "tools_count": 18, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_udecff40.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 84%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:36.320205+00:00" + }, + { + "rank": 151, + "qualified_name": "rashforddamion/rivalsearch", + "display_name": "rivalsearch", + "tools_count": 18, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_8mpdolug.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 84%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:19.239580+00:00" + }, + { + "rank": 152, + "qualified_name": "do-droid/seoul-essentials", + "display_name": "Seoul Essentials", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:58.244784+00:00" + }, + { + "rank": 152, + "qualified_name": "do-droid/seoul-essentials", + "display_name": "Seoul Essentials", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:36.840911+00:00" + }, + { + "rank": 152, + "qualified_name": "do-droid/seoul-essentials", + "display_name": "Seoul Essentials", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:19.451827+00:00" + }, + { + "rank": 153, + "qualified_name": "agentidx/zarq-risk", + "display_name": "Zarq", + "tools_count": 11, + "risk_score": 7.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-hardcoded-credential", + "ave_id": "AVE-2026-00047", + "title": "Hardcoded credential detected in agent component", + "description": "Component contains a hardcoded API key, token, password, or secret. Credentials in agent skill files or MCP configs are readable by any process that loads the component, and may be exfiltrated by injections.", + "severity": "HIGH", + "aivss_score": 7.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 44, + "match": "token='ethereum'", + "engine": "pattern", + "owasp": [ + "ASI02", + "ASI06" + ], + "owasp_mcp": [ + "MCP02", + "MCP09" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00047" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:19:58.535075+00:00" + }, + { + "rank": 153, + "qualified_name": "agentidx/zarq-risk", + "display_name": "Zarq", + "tools_count": 11, + "risk_score": 7.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-hardcoded-credential", + "ave_id": "AVE-2026-00047", + "title": "Hardcoded credential detected in agent component", + "description": "Component contains a hardcoded API key, token, password, or secret. Credentials in agent skill files or MCP configs are readable by any process that loads the component, and may be exfiltrated by injections.", + "severity": "HIGH", + "aivss_score": 7.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 44, + "match": "token='ethereum'", + "engine": "pattern", + "owasp": [ + "ASI02", + "ASI06" + ], + "owasp_mcp": [ + "MCP02", + "MCP09" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00047" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:38.650294+00:00" + }, + { + "rank": 153, + "qualified_name": "agentidx/zarq-risk", + "display_name": "Zarq", + "tools_count": 11, + "risk_score": 7.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-hardcoded-credential", + "ave_id": "AVE-2026-00047", + "title": "Hardcoded credential detected in agent component", + "description": "Component contains a hardcoded API key, token, password, or secret. Credentials in agent skill files or MCP configs are readable by any process that loads the component, and may be exfiltrated by injections.", + "severity": "HIGH", + "aivss_score": 7.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 44, + "match": "token='ethereum'", + "engine": "pattern", + "owasp": [ + "ASI02", + "ASI06" + ], + "owasp_mcp": [ + "MCP02", + "MCP09" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00047" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:21.024475+00:00" + }, + { + "rank": 154, + "qualified_name": "chuhuoyuan/cloudflare", + "display_name": "Cloudflare Docs", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:01.121436+00:00" + }, + { + "rank": 154, + "qualified_name": "chuhuoyuan/cloudflare", + "display_name": "Cloudflare Docs", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:39.895185+00:00" + }, + { + "rank": 154, + "qualified_name": "chuhuoyuan/cloudflare", + "display_name": "Cloudflare Docs", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:21.741677+00:00" + }, + { + "rank": 155, + "qualified_name": "garasegae/aiskillstore", + "display_name": "AI Skill Store", + "tools_count": 10, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_pvuwm8k8.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 86%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:02.984735+00:00" + }, + { + "rank": 155, + "qualified_name": "garasegae/aiskillstore", + "display_name": "AI Skill Store", + "tools_count": 10, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_zz6nj9kw.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 86%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:41.084933+00:00" + }, + { + "rank": 155, + "qualified_name": "garasegae/aiskillstore", + "display_name": "AI Skill Store", + "tools_count": 10, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_r0iozsoe.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 86%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:24.337269+00:00" + }, + { + "rank": 156, + "qualified_name": "icons8community/icons8mcp", + "display_name": "icons8mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:03.208202+00:00" + }, + { + "rank": 156, + "qualified_name": "icons8community/icons8mcp", + "display_name": "icons8mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:41.589398+00:00" + }, + { + "rank": 156, + "qualified_name": "icons8community/icons8mcp", + "display_name": "icons8mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:24.283296+00:00" + }, + { + "rank": 157, + "qualified_name": "agonzalez/prueba-mcp-seeker", + "display_name": "MCP Seeker", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:03.147982+00:00" + }, + { + "rank": 157, + "qualified_name": "agonzalez/prueba-mcp-seeker", + "display_name": "MCP Seeker", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:43.656000+00:00" + }, + { + "rank": 157, + "qualified_name": "agonzalez/prueba-mcp-seeker", + "display_name": "MCP Seeker", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:26.000889+00:00" + }, + { + "rank": 158, + "qualified_name": "coupang-mcp/coupang", + "display_name": "Coupang", + "tools_count": 3, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_qzkdswa8.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 92%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:05.473135+00:00" + }, + { + "rank": 158, + "qualified_name": "coupang-mcp/coupang", + "display_name": "Coupang", + "tools_count": 3, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_z5p99nrt.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 92%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:45.082657+00:00" + }, + { + "rank": 158, + "qualified_name": "coupang-mcp/coupang", + "display_name": "Coupang", + "tools_count": 3, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_noj56oeu.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 92%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:26.719680+00:00" + }, + { + "rank": 159, + "qualified_name": "rubenayla/partle", + "display_name": "Partle", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:07.476022+00:00" + }, + { + "rank": 159, + "qualified_name": "rubenayla/partle", + "display_name": "Partle", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:46.190078+00:00" + }, + { + "rank": 159, + "qualified_name": "rubenayla/partle", + "display_name": "Partle", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:29.400620+00:00" + }, + { + "rank": 160, + "qualified_name": "agentpact/marketplace", + "display_name": "AgentPact", + "tools_count": 32, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:08.606558+00:00" + }, + { + "rank": 160, + "qualified_name": "agentpact/marketplace", + "display_name": "AgentPact", + "tools_count": 32, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:46.819166+00:00" + }, + { + "rank": 160, + "qualified_name": "agentpact/marketplace", + "display_name": "AgentPact", + "tools_count": 32, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:29.398377+00:00" + }, + { + "rank": 161, + "qualified_name": "hola-ps65/siil-ostomy-store", + "display_name": "SIIL Ostomy Store", + "tools_count": 8, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_r86cr3wi.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 90%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:07.665181+00:00" + }, + { + "rank": 161, + "qualified_name": "hola-ps65/siil-ostomy-store", + "display_name": "SIIL Ostomy Store", + "tools_count": 8, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_rloyhopb.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 90%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:49.017888+00:00" + }, + { + "rank": 161, + "qualified_name": "hola-ps65/siil-ostomy-store", + "display_name": "SIIL Ostomy Store", + "tools_count": 8, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_01b8y_ub.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 90%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:30.748750+00:00" + }, + { + "rank": 162, + "qualified_name": "sigai/cancersupport", + "display_name": "cancersupport", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:50.892729+00:00" + }, + { + "rank": 162, + "qualified_name": "sigai/cancersupport", + "display_name": "cancersupport", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:31.519287+00:00" + }, + { + "rank": 201, + "qualified_name": "AITutor3/calculator-mcp-test", + "display_name": "Calculator", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:52.467869+00:00" + }, + { + "rank": 201, + "qualified_name": "AITutor3/calculator-mcp-test", + "display_name": "Calculator", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:34.979271+00:00" + }, + { + "rank": 201, + "qualified_name": "AITutor3/calculator-mcp-test", + "display_name": "Calculator", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:23.097283+00:00" + }, + { + "rank": 202, + "qualified_name": "seahbk1006/seahboonkeong-chat-bnmapi", + "display_name": "Seah Boon Keong - Chat with BNM API Datasets", + "tools_count": 26, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:53.823599+00:00" + }, + { + "rank": 202, + "qualified_name": "seahbk1006/seahboonkeong-chat-bnmapi", + "display_name": "Seah Boon Keong - Chat with BNM API Datasets", + "tools_count": 26, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:34.138840+00:00" + }, + { + "rank": 202, + "qualified_name": "seahbk1006/seahboonkeong-chat-bnmapi", + "display_name": "Seah Boon Keong - Chat with BNM API Datasets", + "tools_count": 26, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:24.851898+00:00" + }, + { + "rank": 203, + "qualified_name": "hellokitty-v/smithery-mcp-servers", + "display_name": "United States Weather Data Access", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:56.402421+00:00" + }, + { + "rank": 203, + "qualified_name": "hellokitty-v/smithery-mcp-servers", + "display_name": "United States Weather Data Access", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:36.839513+00:00" + }, + { + "rank": 203, + "qualified_name": "hellokitty-v/smithery-mcp-servers", + "display_name": "United States Weather Data Access", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:25.383774+00:00" + }, + { + "rank": 204, + "qualified_name": "vdineshk/ai-compliance-monitor", + "display_name": "ai-compliance-monitor", + "tools_count": 4, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_omg14tt1.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 85%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:57.890277+00:00" + }, + { + "rank": 204, + "qualified_name": "vdineshk/ai-compliance-monitor", + "display_name": "ai-compliance-monitor", + "tools_count": 4, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_877me2wm.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 85%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:36.520264+00:00" + }, + { + "rank": 204, + "qualified_name": "vdineshk/ai-compliance-monitor", + "display_name": "ai-compliance-monitor", + "tools_count": 4, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_si7148w6.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 85%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:25.688080+00:00" + }, + { + "rank": 205, + "qualified_name": "jan-krat-kj4q/tulugar-real-estate", + "display_name": "tulugar-real-estate", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:59.111781+00:00" + }, + { + "rank": 205, + "qualified_name": "jan-krat-kj4q/tulugar-real-estate", + "display_name": "tulugar-real-estate", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:39.109673+00:00" + }, + { + "rank": 205, + "qualified_name": "jan-krat-kj4q/tulugar-real-estate", + "display_name": "tulugar-real-estate", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:28.175158+00:00" + }, + { + "rank": 206, + "qualified_name": "ahmed2real/thinkzone", + "display_name": "NWS Weather & Aviation", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:00.299335+00:00" + }, + { + "rank": 206, + "qualified_name": "ahmed2real/thinkzone", + "display_name": "NWS Weather & Aviation", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:39.807509+00:00" + }, + { + "rank": 206, + "qualified_name": "ahmed2real/thinkzone", + "display_name": "NWS Weather & Aviation", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:30.033514+00:00" + }, + { + "rank": 207, + "qualified_name": "hirofumitorato/japan-ani-search-mcp", + "display_name": "Anime & Manga Library", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:02.712306+00:00" + }, + { + "rank": 207, + "qualified_name": "hirofumitorato/japan-ani-search-mcp", + "display_name": "Anime & Manga Library", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:41.633291+00:00" + }, + { + "rank": 207, + "qualified_name": "hirofumitorato/japan-ani-search-mcp", + "display_name": "Anime & Manga Library", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:30.299135+00:00" + }, + { + "rank": 208, + "qualified_name": "alex-kenny-lee-vfjv/panko-food-safety", + "display_name": "Panko Alerts — Food Safety Data", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:03.980700+00:00" + }, + { + "rank": 208, + "qualified_name": "alex-kenny-lee-vfjv/panko-food-safety", + "display_name": "Panko Alerts — Food Safety Data", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:41.873447+00:00" + }, + { + "rank": 208, + "qualified_name": "alex-kenny-lee-vfjv/panko-food-safety", + "display_name": "Panko Alerts — Food Safety Data", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:30.580507+00:00" + }, + { + "rank": 209, + "qualified_name": "mrodasensio/aicol", + "display_name": "Zuplo Weather", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:04.814278+00:00" + }, + { + "rank": 209, + "qualified_name": "mrodasensio/aicol", + "display_name": "Zuplo Weather", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:44.311391+00:00" + }, + { + "rank": 209, + "qualified_name": "mrodasensio/aicol", + "display_name": "Zuplo Weather", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:33.109517+00:00" + }, + { + "rank": 210, + "qualified_name": "aparajithn/agent-utils", + "display_name": "Developer Utilities", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:06.038977+00:00" + }, + { + "rank": 210, + "qualified_name": "aparajithn/agent-utils", + "display_name": "Developer Utilities", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:44.587086+00:00" + }, + { + "rank": 210, + "qualified_name": "aparajithn/agent-utils", + "display_name": "Developer Utilities", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:35.195423+00:00" + }, + { + "rank": 211, + "qualified_name": "mansamarkets/mansa", + "display_name": "mansa", + "tools_count": 14, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:08.395781+00:00" + }, + { + "rank": 211, + "qualified_name": "mansamarkets/mansa", + "display_name": "mansa", + "tools_count": 14, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:46.648204+00:00" + }, + { + "rank": 211, + "qualified_name": "mansamarkets/mansa", + "display_name": "mansa", + "tools_count": 14, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:35.127527+00:00" + }, + { + "rank": 212, + "qualified_name": "Composio/context7", + "display_name": "Context7", + "tools_count": 2, + "risk_score": 7.3, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-mcp-tool-poisoning", + "ave_id": "AVE-2026-00002", + "title": "MCP tool description injection detected", + "description": "MCP server tool description contains instructions targeting the AI agent rather than describing the tool's functionality. Classic MCP tool poisoning attack.", + "severity": "HIGH", + "aivss_score": 7.3, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.3, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 27, + "match": "IMPORTANT: Do not", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI03" + ], + "owasp_mcp": [ + "MCP03", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00002" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:09.709366+00:00" + }, + { + "rank": 212, + "qualified_name": "Composio/context7", + "display_name": "Context7", + "tools_count": 2, + "risk_score": 7.3, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-mcp-tool-poisoning", + "ave_id": "AVE-2026-00002", + "title": "MCP tool description injection detected", + "description": "MCP server tool description contains instructions targeting the AI agent rather than describing the tool's functionality. Classic MCP tool poisoning attack.", + "severity": "HIGH", + "aivss_score": 7.3, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.3, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 27, + "match": "IMPORTANT: Do not", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI03" + ], + "owasp_mcp": [ + "MCP03", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00002" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:46.782437+00:00" + }, + { + "rank": 212, + "qualified_name": "Composio/context7", + "display_name": "Context7", + "tools_count": 2, + "risk_score": 7.3, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-mcp-tool-poisoning", + "ave_id": "AVE-2026-00002", + "title": "MCP tool description injection detected", + "description": "MCP server tool description contains instructions targeting the AI agent rather than describing the tool's functionality. Classic MCP tool poisoning attack.", + "severity": "HIGH", + "aivss_score": 7.3, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 7.3, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 27, + "match": "IMPORTANT: Do not", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI03" + ], + "owasp_mcp": [ + "MCP03", + "MCP10" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00002" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:35.598274+00:00" + }, + { + "rank": 213, + "qualified_name": "ren89752/aidroid", + "display_name": "aidroid", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:10.954278+00:00" + }, + { + "rank": 213, + "qualified_name": "ren89752/aidroid", + "display_name": "aidroid", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:49.097677+00:00" + }, + { + "rank": 213, + "qualified_name": "ren89752/aidroid", + "display_name": "aidroid", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:37.989896+00:00" + }, + { + "rank": 214, + "qualified_name": "underground-district/ucd-mcp", + "display_name": "ucd-mcp", + "tools_count": 21, + "risk_score": 9.1, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:49.174753+00:00" + }, + { + "rank": 214, + "qualified_name": "underground-district/ucd-mcp", + "display_name": "ucd-mcp", + "tools_count": 21, + "risk_score": 9.1, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:40.368630+00:00" + }, + { + "rank": 251, + "qualified_name": "nponette/sucesio-mcp", + "display_name": "sucesio-mcp", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:53.303831+00:00" + }, + { + "rank": 251, + "qualified_name": "nponette/sucesio-mcp", + "display_name": "sucesio-mcp", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:40.074615+00:00" + }, + { + "rank": 251, + "qualified_name": "nponette/sucesio-mcp", + "display_name": "sucesio-mcp", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:28.369286+00:00" + }, + { + "rank": 252, + "qualified_name": "strale-io/strale", + "display_name": "strale", + "tools_count": 8, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 12, + "match": "extract data from a URL or PDF, check VAT numbers, verify email deliverability, ", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:51.513667+00:00" + }, + { + "rank": 252, + "qualified_name": "strale-io/strale", + "display_name": "strale", + "tools_count": 8, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 12, + "match": "extract data from a URL or PDF, check VAT numbers, verify email deliverability, ", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:40.486502+00:00" + }, + { + "rank": 252, + "qualified_name": "strale-io/strale", + "display_name": "strale", + "tools_count": 8, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 12, + "match": "extract data from a URL or PDF, check VAT numbers, verify email deliverability, ", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:28.876137+00:00" + }, + { + "rank": 253, + "qualified_name": "preetrajdeo/autoapply-mcp", + "display_name": "autoapply-mcp", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:54.042802+00:00" + }, + { + "rank": 253, + "qualified_name": "preetrajdeo/autoapply-mcp", + "display_name": "autoapply-mcp", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:42.887979+00:00" + }, + { + "rank": 253, + "qualified_name": "preetrajdeo/autoapply-mcp", + "display_name": "autoapply-mcp", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:29.514294+00:00" + }, + { + "rank": 254, + "qualified_name": "aws/docs", + "display_name": "aws", + "tools_count": 3, + "risk_score": 8.2, + "findings_count": 2, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_za7wz10q.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 76%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "Call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:54.293526+00:00" + }, + { + "rank": 254, + "qualified_name": "aws/docs", + "display_name": "aws", + "tools_count": 3, + "risk_score": 8.2, + "findings_count": 2, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_ungwaw86.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 76%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "Call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:45.879273+00:00" + }, + { + "rank": 254, + "qualified_name": "aws/docs", + "display_name": "aws", + "tools_count": 3, + "risk_score": 8.2, + "findings_count": 2, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_sa51hcko.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 76%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "Call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:33.359176+00:00" + }, + { + "rank": 255, + "qualified_name": "Boysam2/aidroid", + "display_name": "aidroid", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:56.748648+00:00" + }, + { + "rank": 255, + "qualified_name": "Boysam2/aidroid", + "display_name": "aidroid", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:45.201616+00:00" + }, + { + "rank": 255, + "qualified_name": "Boysam2/aidroid", + "display_name": "aidroid", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:33.538518+00:00" + }, + { + "rank": 256, + "qualified_name": "demomagic/lucy-apro", + "display_name": "lucy-apro", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:58.277111+00:00" + }, + { + "rank": 256, + "qualified_name": "demomagic/lucy-apro", + "display_name": "lucy-apro", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:45.565914+00:00" + }, + { + "rank": 256, + "qualified_name": "demomagic/lucy-apro", + "display_name": "lucy-apro", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:33.747938+00:00" + }, + { + "rank": 257, + "qualified_name": "monsterxx03/gospy", + "display_name": "Go Process Inspector", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:58.992249+00:00" + }, + { + "rank": 257, + "qualified_name": "monsterxx03/gospy", + "display_name": "Go Process Inspector", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:48.148278+00:00" + }, + { + "rank": 257, + "qualified_name": "monsterxx03/gospy", + "display_name": "Go Process Inspector", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:34.353794+00:00" + }, + { + "rank": 258, + "qualified_name": "ebenova/legal-docs", + "display_name": "legal-docs", + "tools_count": 8, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_0e5_6mlx.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 78%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 10, + "match": "Extract structured legal document fields from a raw conversation (WhatsApp, emai", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00013" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:59.323278+00:00" + }, + { + "rank": 258, + "qualified_name": "ebenova/legal-docs", + "display_name": "legal-docs", + "tools_count": 8, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_3jdkun29.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 78%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 10, + "match": "Extract structured legal document fields from a raw conversation (WhatsApp, emai", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00013" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:50.068148+00:00" + }, + { + "rank": 258, + "qualified_name": "ebenova/legal-docs", + "display_name": "legal-docs", + "tools_count": 8, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_jntwdps1.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 78%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + }, + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 10, + "match": "Extract structured legal document fields from a raw conversation (WhatsApp, emai", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00013" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:37.978794+00:00" + }, + { + "rank": 259, + "qualified_name": "rahular101/test-101", + "display_name": "test-101", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:01.658864+00:00" + }, + { + "rank": 259, + "qualified_name": "rahular101/test-101", + "display_name": "test-101", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:50.390891+00:00" + }, + { + "rank": 259, + "qualified_name": "rahular101/test-101", + "display_name": "test-101", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:38.277856+00:00" + }, + { + "rank": 301, + "qualified_name": "anusha5191/aicollectivetest", + "display_name": "Zuplo Weather", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:03.291800+00:00" + }, + { + "rank": 301, + "qualified_name": "anusha5191/aicollectivetest", + "display_name": "Zuplo Weather", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:50.724760+00:00" + }, + { + "rank": 301, + "qualified_name": "anusha5191/aicollectivetest", + "display_name": "Zuplo Weather", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:38.509812+00:00" + }, + { + "rank": 301, + "qualified_name": "anusha5191/aicollectivetest", + "display_name": "Zuplo Weather", + "tools_count": 58, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:28.573558+00:00" + }, + { + "rank": 302, + "qualified_name": "lochmueller/muell-io", + "display_name": "muell-io", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:03.946590+00:00" + }, + { + "rank": 302, + "qualified_name": "lochmueller/muell-io", + "display_name": "muell-io", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:53.027426+00:00" + }, + { + "rank": 302, + "qualified_name": "lochmueller/muell-io", + "display_name": "muell-io", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:39.320423+00:00" + }, + { + "rank": 302, + "qualified_name": "lochmueller/muell-io", + "display_name": "muell-io", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:31.800278+00:00" + }, + { + "rank": 303, + "qualified_name": "gigachadtrey/websimm", + "display_name": "WebSim Explorer", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:04.178290+00:00" + }, + { + "rank": 303, + "qualified_name": "gigachadtrey/websimm", + "display_name": "WebSim Explorer", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:55.018400+00:00" + }, + { + "rank": 303, + "qualified_name": "gigachadtrey/websimm", + "display_name": "WebSim Explorer", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:42.753529+00:00" + }, + { + "rank": 303, + "qualified_name": "gigachadtrey/websimm", + "display_name": "WebSim Explorer", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:32.310090+00:00" + }, + { + "rank": 304, + "qualified_name": "algovault/crypto-quant-signal-mcp", + "display_name": "crypto-quant-signal-mcp", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:07.061276+00:00" + }, + { + "rank": 304, + "qualified_name": "algovault/crypto-quant-signal-mcp", + "display_name": "crypto-quant-signal-mcp", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:55.193888+00:00" + }, + { + "rank": 304, + "qualified_name": "algovault/crypto-quant-signal-mcp", + "display_name": "crypto-quant-signal-mcp", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:42.997251+00:00" + }, + { + "rank": 304, + "qualified_name": "algovault/crypto-quant-signal-mcp", + "display_name": "crypto-quant-signal-mcp", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:34.081721+00:00" + }, + { + "rank": 305, + "qualified_name": "jarvis-stark1985/superhero-mcp-server", + "display_name": "SuperHero MCP Server", + "tools_count": 24, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:09.601646+00:00" + }, + { + "rank": 305, + "qualified_name": "jarvis-stark1985/superhero-mcp-server", + "display_name": "SuperHero MCP Server", + "tools_count": 24, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:57.105121+00:00" + }, + { + "rank": 305, + "qualified_name": "jarvis-stark1985/superhero-mcp-server", + "display_name": "SuperHero MCP Server", + "tools_count": 24, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:43.175818+00:00" + }, + { + "rank": 305, + "qualified_name": "jarvis-stark1985/superhero-mcp-server", + "display_name": "SuperHero MCP Server", + "tools_count": 24, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:34.458656+00:00" + }, + { + "rank": 306, + "qualified_name": "aparajithn/agent-utils-mcp-new", + "display_name": "Developer Utilities", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:57.697904+00:00" + }, + { + "rank": 306, + "qualified_name": "aparajithn/agent-utils-mcp-new", + "display_name": "Developer Utilities", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:43.901058+00:00" + }, + { + "rank": 306, + "qualified_name": "aparajithn/agent-utils-mcp-new", + "display_name": "Developer Utilities", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:37.373018+00:00" + }, + { + "rank": 307, + "qualified_name": "hashirsiddiqui15/ami-bookstore-mcp-h", + "display_name": "Islamic Books & Quran Reference Library", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:01.693867+00:00" + }, + { + "rank": 307, + "qualified_name": "hashirsiddiqui15/ami-bookstore-mcp-h", + "display_name": "Islamic Books & Quran Reference Library", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:47.520650+00:00" + }, + { + "rank": 307, + "qualified_name": "hashirsiddiqui15/ami-bookstore-mcp-h", + "display_name": "Islamic Books & Quran Reference Library", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:37.690418+00:00" + }, + { + "rank": 308, + "qualified_name": "garfield-bb/hap_paas2025", + "display_name": "FlowSheets", + "tools_count": 36, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:01.836077+00:00" + }, + { + "rank": 308, + "qualified_name": "garfield-bb/hap_paas2025", + "display_name": "FlowSheets", + "tools_count": 36, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:47.810710+00:00" + }, + { + "rank": 308, + "qualified_name": "garfield-bb/hap_paas2025", + "display_name": "FlowSheets", + "tools_count": 36, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:39.638175+00:00" + }, + { + "rank": 309, + "qualified_name": "sidearmdrm/sidearm", + "display_name": "Sidearm", + "tools_count": 19, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + }, + { + "rule_id": "bawbel-env-exfiltration", + "ave_id": "AVE-2026-00003", + "title": "Credential exfiltration pattern detected", + "description": "Component instructs agent to read and transmit environment variables, API keys, or other credentials to an external destination.", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 120, + "match": "uploading media, running searches, managing API key", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00003" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003", + "AVE-2026-00026" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:02.039638+00:00" + }, + { + "rank": 309, + "qualified_name": "sidearmdrm/sidearm", + "display_name": "Sidearm", + "tools_count": 19, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + }, + { + "rule_id": "bawbel-env-exfiltration", + "ave_id": "AVE-2026-00003", + "title": "Credential exfiltration pattern detected", + "description": "Component instructs agent to read and transmit environment variables, API keys, or other credentials to an external destination.", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 120, + "match": "uploading media, running searches, managing API key", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00003" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003", + "AVE-2026-00026" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:47.978844+00:00" + }, + { + "rank": 309, + "qualified_name": "sidearmdrm/sidearm", + "display_name": "Sidearm", + "tools_count": 19, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "AVE_ToolOutputExfil", + "ave_id": "AVE-2026-00026", + "title": "AVE_ToolOutputExfil", + "description": "YARA rule matched", + "severity": "CRITICAL", + "aivss_score": 9.1, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 9.1, + "aivss_severity": "CRITICAL", + "spec_version": "0.8" + }, + "line": null, + "match": "encode", + "engine": "yara", + "owasp": [], + "owasp_mcp": [ + "MCP01", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00026" + }, + { + "rule_id": "bawbel-env-exfiltration", + "ave_id": "AVE-2026-00003", + "title": "Credential exfiltration pattern detected", + "description": "Component instructs agent to read and transmit environment variables, API keys, or other credentials to an external destination.", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 120, + "match": "uploading media, running searches, managing API key", + "engine": "pattern", + "owasp": [ + "ASI01", + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00003" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00003", + "AVE-2026-00026" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:40.038689+00:00" + }, + { + "rank": 310, + "qualified_name": "janmacher02-xl8y/czech-vat-mcp", + "display_name": "czech-vat-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:02.603277+00:00" + }, + { + "rank": 310, + "qualified_name": "janmacher02-xl8y/czech-vat-mcp", + "display_name": "czech-vat-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:48.707232+00:00" + }, + { + "rank": 310, + "qualified_name": "janmacher02-xl8y/czech-vat-mcp", + "display_name": "czech-vat-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:42.447032+00:00" + }, + { + "rank": 311, + "qualified_name": "sgroy10/speclock", + "display_name": "SpecLock - AI Constraint Engine", + "tools_count": 44, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:06.053082+00:00" + }, + { + "rank": 311, + "qualified_name": "sgroy10/speclock", + "display_name": "SpecLock - AI Constraint Engine", + "tools_count": 44, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:53.093521+00:00" + }, + { + "rank": 311, + "qualified_name": "sgroy10/speclock", + "display_name": "SpecLock - AI Constraint Engine", + "tools_count": 44, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:42.538321+00:00" + }, + { + "rank": 312, + "qualified_name": "actiongate/actiongate", + "display_name": "ActionGate", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:09.030627+00:00" + }, + { + "rank": 312, + "qualified_name": "actiongate/actiongate", + "display_name": "ActionGate", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:53.724902+00:00" + }, + { + "rank": 312, + "qualified_name": "actiongate/actiongate", + "display_name": "ActionGate", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:44.559197+00:00" + }, + { + "rank": 313, + "qualified_name": "janwilmake/x-search-mcp", + "display_name": "Tweet Search", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:06.793398+00:00" + }, + { + "rank": 313, + "qualified_name": "janwilmake/x-search-mcp", + "display_name": "Tweet Search", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:53.771810+00:00" + }, + { + "rank": 313, + "qualified_name": "janwilmake/x-search-mcp", + "display_name": "Tweet Search", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:44.955522+00:00" + }, + { + "rank": 314, + "qualified_name": "arjunkmrm/devin", + "display_name": "GitHub Wiki Explorer", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:07.940276+00:00" + }, + { + "rank": 314, + "qualified_name": "arjunkmrm/devin", + "display_name": "GitHub Wiki Explorer", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:53.867089+00:00" + }, + { + "rank": 314, + "qualified_name": "arjunkmrm/devin", + "display_name": "GitHub Wiki Explorer", + "tools_count": 3, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:47.384153+00:00" + }, + { + "rank": 315, + "qualified_name": "nicholasemccormick/meetsync-mcp", + "display_name": "meetsync-mcp", + "tools_count": 19, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:11.715551+00:00" + }, + { + "rank": 315, + "qualified_name": "nicholasemccormick/meetsync-mcp", + "display_name": "meetsync-mcp", + "tools_count": 19, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:58.613170+00:00" + }, + { + "rank": 315, + "qualified_name": "nicholasemccormick/meetsync-mcp", + "display_name": "meetsync-mcp", + "tools_count": 19, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:47.581104+00:00" + }, + { + "rank": 316, + "qualified_name": "ateam-ai/ateam", + "display_name": "ADAS", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:11.928225+00:00" + }, + { + "rank": 316, + "qualified_name": "ateam-ai/ateam", + "display_name": "ADAS", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:59.102730+00:00" + }, + { + "rank": 316, + "qualified_name": "ateam-ai/ateam", + "display_name": "ADAS", + "tools_count": 12, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:49.120010+00:00" + }, + { + "rank": 317, + "qualified_name": "jbb1988/wheretohit", + "display_name": "wheretohit", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:59.137238+00:00" + }, + { + "rank": 317, + "qualified_name": "jbb1988/wheretohit", + "display_name": "wheretohit", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:49.585612+00:00" + }, + { + "rank": 351, + "qualified_name": "cuthongthai/vimo-financial-intelligence", + "display_name": "vimo-financial-intelligence", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:59.698266+00:00" + }, + { + "rank": 351, + "qualified_name": "cuthongthai/vimo-financial-intelligence", + "display_name": "vimo-financial-intelligence", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:52.351933+00:00" + }, + { + "rank": 351, + "qualified_name": "cuthongthai/vimo-financial-intelligence", + "display_name": "vimo-financial-intelligence", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:33.934784+00:00" + }, + { + "rank": 352, + "qualified_name": "ragalgo/ragalgo-mcp-server-v1", + "display_name": "ragalgo-mcp-server-v1", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:03.141179+00:00" + }, + { + "rank": 352, + "qualified_name": "ragalgo/ragalgo-mcp-server-v1", + "display_name": "ragalgo-mcp-server-v1", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:52.446911+00:00" + }, + { + "rank": 352, + "qualified_name": "ragalgo/ragalgo-mcp-server-v1", + "display_name": "ragalgo-mcp-server-v1", + "tools_count": 11, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:35.215212+00:00" + }, + { + "rank": 353, + "qualified_name": "apteka-health/apteka-cis", + "display_name": "apteka-cis", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:03.767719+00:00" + }, + { + "rank": 353, + "qualified_name": "apteka-health/apteka-cis", + "display_name": "apteka-cis", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:54.282484+00:00" + }, + { + "rank": 353, + "qualified_name": "apteka-health/apteka-cis", + "display_name": "apteka-cis", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:36.585912+00:00" + }, + { + "rank": 354, + "qualified_name": "arjunkmrm/grep", + "display_name": "GitHub Code Search", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:03.732355+00:00" + }, + { + "rank": 354, + "qualified_name": "arjunkmrm/grep", + "display_name": "GitHub Code Search", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:54.533213+00:00" + }, + { + "rank": 354, + "qualified_name": "arjunkmrm/grep", + "display_name": "GitHub Code Search", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:37.878615+00:00" + }, + { + "rank": 355, + "qualified_name": "nefesh-ai/human-state", + "display_name": "human-state", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:04.290845+00:00" + }, + { + "rank": 355, + "qualified_name": "nefesh-ai/human-state", + "display_name": "human-state", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:57.132273+00:00" + }, + { + "rank": 355, + "qualified_name": "nefesh-ai/human-state", + "display_name": "human-state", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:39.324502+00:00" + }, + { + "rank": 356, + "qualified_name": "nicholasemccormick/docpulse-mcp", + "display_name": "docpulse-mcp", + "tools_count": 4, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 24, + "match": "Extract specific named fields from a document using Claude AI. Returns a JSON ob", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:07.720603+00:00" + }, + { + "rank": 356, + "qualified_name": "nicholasemccormick/docpulse-mcp", + "display_name": "docpulse-mcp", + "tools_count": 4, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 24, + "match": "Extract specific named fields from a document using Claude AI. Returns a JSON ob", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:57.236646+00:00" + }, + { + "rank": 356, + "qualified_name": "nicholasemccormick/docpulse-mcp", + "display_name": "docpulse-mcp", + "tools_count": 4, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 24, + "match": "Extract specific named fields from a document using Claude AI. Returns a JSON ob", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:40.294150+00:00" + }, + { + "rank": 357, + "qualified_name": "zobr-script/zobr-script", + "display_name": "ZS - Zobr Script", + "tools_count": 3, + "risk_score": 8.2, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:08.280342+00:00" + }, + { + "rank": 357, + "qualified_name": "zobr-script/zobr-script", + "display_name": "ZS - Zobr Script", + "tools_count": 3, + "risk_score": 8.2, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:58.981064+00:00" + }, + { + "rank": 357, + "qualified_name": "zobr-script/zobr-script", + "display_name": "ZS - Zobr Script", + "tools_count": 3, + "risk_score": 8.2, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "AVE_DynamicToolCall", + "ave_id": "AVE-2026-00011", + "title": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "description": "Skill embeds explicit tool invocations with attacker-controlled parameters", + "severity": "HIGH", + "aivss_score": 8.2, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.2, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "call this tool with", + "engine": "yara", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP03", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00011" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:42.741784+00:00" + }, + { + "rank": 358, + "qualified_name": "atomadictech-ud4n/aaaa-nexus", + "display_name": "aaaa-nexus", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:08.836377+00:00" + }, + { + "rank": 358, + "qualified_name": "atomadictech-ud4n/aaaa-nexus", + "display_name": "aaaa-nexus", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:59.165515+00:00" + }, + { + "rank": 358, + "qualified_name": "atomadictech-ud4n/aaaa-nexus", + "display_name": "aaaa-nexus", + "tools_count": 9, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:43.033282+00:00" + }, + { + "rank": 359, + "qualified_name": "santiago.blanco.vilchez/aaa", + "display_name": "Tenant Builder", + "tools_count": 4, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_nwewmmhe.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 89%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:01.678090+00:00" + }, + { + "rank": 359, + "qualified_name": "santiago.blanco.vilchez/aaa", + "display_name": "Tenant Builder", + "tools_count": 4, + "risk_score": 6.8, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-content-type-mismatch", + "ave_id": "AVE-2026-00024", + "title": "Supply chain: content type mismatch (.md file contains yaml)", + "description": "File 'smithery_scan_i2y9dkcv.md' has extension '.md' but Magika identifies its content as 'yaml' (confidence 89%). Expected one of: ['markdown', 'text', 'txt'].", + "severity": "HIGH", + "aivss_score": 6.8, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.8, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": ".md -> yaml", + "engine": "magika", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP04" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00024" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:44.553756+00:00" + }, + { + "rank": 360, + "qualified_name": "ThierryThevenet/talao", + "display_name": "Data Wallet Verification", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:01.902785+00:00" + }, + { + "rank": 360, + "qualified_name": "ThierryThevenet/talao", + "display_name": "Data Wallet Verification", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:45.632826+00:00" + }, + { + "rank": 361, + "qualified_name": "sincetoday/podcast-commerce-mcp", + "display_name": "Podcast Commerce Intelligence", + "tools_count": 5, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 3, + "match": "Extract product mentions, sponsors, and trends from podcast transcripts. Returns", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:03.953959+00:00" + }, + { + "rank": 361, + "qualified_name": "sincetoday/podcast-commerce-mcp", + "display_name": "Podcast Commerce Intelligence", + "tools_count": 5, + "risk_score": 6.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 3, + "match": "Extract product mentions, sponsors, and trends from podcast transcripts. Returns", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:47.908588+00:00" + }, + { + "rank": 362, + "qualified_name": "pranaviate/statscan-mcp", + "display_name": "Statistics Canada", + "tools_count": 15, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:04.329417+00:00" + }, + { + "rank": 362, + "qualified_name": "pranaviate/statscan-mcp", + "display_name": "Statistics Canada", + "tools_count": 15, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:48.093612+00:00" + }, + { + "rank": 401, + "qualified_name": "vdineshk/sg-cpf-calculator-mcp", + "display_name": "sg-cpf-calculator-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:06.787318+00:00" + }, + { + "rank": 401, + "qualified_name": "vdineshk/sg-cpf-calculator-mcp", + "display_name": "sg-cpf-calculator-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:49.238641+00:00" + }, + { + "rank": 401, + "qualified_name": "vdineshk/sg-cpf-calculator-mcp", + "display_name": "sg-cpf-calculator-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:38.495593+00:00" + }, + { + "rank": 402, + "qualified_name": "vdineshk/sg-gst-calculator-mcp", + "display_name": "sg-gst-calculator-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:06.972227+00:00" + }, + { + "rank": 402, + "qualified_name": "vdineshk/sg-gst-calculator-mcp", + "display_name": "sg-gst-calculator-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:50.272139+00:00" + }, + { + "rank": 402, + "qualified_name": "vdineshk/sg-gst-calculator-mcp", + "display_name": "sg-gst-calculator-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:40.638940+00:00" + }, + { + "rank": 403, + "qualified_name": "sentinelsignal/verify", + "display_name": "Verify", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:09.036551+00:00" + }, + { + "rank": 403, + "qualified_name": "sentinelsignal/verify", + "display_name": "Verify", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:53.571871+00:00" + }, + { + "rank": 403, + "qualified_name": "sentinelsignal/verify", + "display_name": "Verify", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:42.455097+00:00" + }, + { + "rank": 404, + "qualified_name": "AgentWings/exa-mcp-server", + "display_name": "exa-mcp", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:09.289936+00:00" + }, + { + "rank": 404, + "qualified_name": "AgentWings/exa-mcp-server", + "display_name": "exa-mcp", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:53.122872+00:00" + }, + { + "rank": 404, + "qualified_name": "AgentWings/exa-mcp-server", + "display_name": "exa-mcp", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:42.217435+00:00" + }, + { + "rank": 451, + "qualified_name": "ing-christopherleon/preciomx", + "display_name": "PrecioMX - Price Tracker Mexico", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:54.280452+00:00" + }, + { + "rank": 451, + "qualified_name": "ing-christopherleon/preciomx", + "display_name": "PrecioMX - Price Tracker Mexico", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:43.914133+00:00" + }, + { + "rank": 451, + "qualified_name": "ing-christopherleon/preciomx", + "display_name": "PrecioMX - Price Tracker Mexico", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:40.663278+00:00" + }, + { + "rank": 452, + "qualified_name": "vdineshk/sg-regulatory-data-mcp", + "display_name": "sg-regulatory-data-mcp", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:55.017270+00:00" + }, + { + "rank": 452, + "qualified_name": "vdineshk/sg-regulatory-data-mcp", + "display_name": "sg-regulatory-data-mcp", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:46.334843+00:00" + }, + { + "rank": 452, + "qualified_name": "vdineshk/sg-regulatory-data-mcp", + "display_name": "sg-regulatory-data-mcp", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:41.829543+00:00" + }, + { + "rank": 453, + "qualified_name": "santiago.blanco.vilchez/cpa-esteban", + "display_name": "Tenant Launchpad", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:59.351210+00:00" + }, + { + "rank": 453, + "qualified_name": "santiago.blanco.vilchez/cpa-esteban", + "display_name": "Tenant Launchpad", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:47.521006+00:00" + }, + { + "rank": 453, + "qualified_name": "santiago.blanco.vilchez/cpa-esteban", + "display_name": "Tenant Launchpad", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:42.274082+00:00" + }, + { + "rank": 454, + "qualified_name": "santiago.blanco.vilchez/asd", + "display_name": "Tenant Template Manager", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:58.717640+00:00" + }, + { + "rank": 454, + "qualified_name": "santiago.blanco.vilchez/asd", + "display_name": "Tenant Template Manager", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:48.051967+00:00" + }, + { + "rank": 454, + "qualified_name": "santiago.blanco.vilchez/asd", + "display_name": "Tenant Template Manager", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:43.713501+00:00" + }, + { + "rank": 455, + "qualified_name": "santiago.blanco.vilchez/santiago-cpa", + "display_name": "Tenant Builder", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:59.214448+00:00" + }, + { + "rank": 455, + "qualified_name": "santiago.blanco.vilchez/santiago-cpa", + "display_name": "Tenant Builder", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:49.711485+00:00" + }, + { + "rank": 455, + "qualified_name": "santiago.blanco.vilchez/santiago-cpa", + "display_name": "Tenant Builder", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:45.053266+00:00" + }, + { + "rank": 456, + "qualified_name": "vdineshk/sg-finance-data-mcp", + "display_name": "sg-finance-data-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:59.821887+00:00" + }, + { + "rank": 456, + "qualified_name": "vdineshk/sg-finance-data-mcp", + "display_name": "sg-finance-data-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:51.212453+00:00" + }, + { + "rank": 456, + "qualified_name": "vdineshk/sg-finance-data-mcp", + "display_name": "sg-finance-data-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:46.251624+00:00" + }, + { + "rank": 457, + "qualified_name": "nicholasemccormick/loopin-mcp", + "display_name": "loopin-mcp", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:04.093810+00:00" + }, + { + "rank": 457, + "qualified_name": "nicholasemccormick/loopin-mcp", + "display_name": "loopin-mcp", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:52.395624+00:00" + }, + { + "rank": 457, + "qualified_name": "nicholasemccormick/loopin-mcp", + "display_name": "loopin-mcp", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:46.741353+00:00" + }, + { + "rank": 458, + "qualified_name": "waleed-2002/prompt-enhancer", + "display_name": "Prompt Refiner", + "tools_count": 1, + "risk_score": 4.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-autonomous-action", + "ave_id": "AVE-2026-00021", + "title": "Autonomous action without user confirmation", + "description": "Component instructs agent to take irreversible or high-impact actions without requesting user confirmation.", + "severity": "HIGH", + "aivss_score": 4.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 8, + "match": "execute immediately", + "engine": "pattern", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP02", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00021" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:04.941895+00:00" + }, + { + "rank": 458, + "qualified_name": "waleed-2002/prompt-enhancer", + "display_name": "Prompt Refiner", + "tools_count": 1, + "risk_score": 4.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-autonomous-action", + "ave_id": "AVE-2026-00021", + "title": "Autonomous action without user confirmation", + "description": "Component instructs agent to take irreversible or high-impact actions without requesting user confirmation.", + "severity": "HIGH", + "aivss_score": 4.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 8, + "match": "execute immediately", + "engine": "pattern", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP02", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00021" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:53.023589+00:00" + }, + { + "rank": 458, + "qualified_name": "waleed-2002/prompt-enhancer", + "display_name": "Prompt Refiner", + "tools_count": 1, + "risk_score": 4.5, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-autonomous-action", + "ave_id": "AVE-2026-00021", + "title": "Autonomous action without user confirmation", + "description": "Component instructs agent to take irreversible or high-impact actions without requesting user confirmation.", + "severity": "HIGH", + "aivss_score": 4.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 8, + "match": "execute immediately", + "engine": "pattern", + "owasp": [ + "ASI07" + ], + "owasp_mcp": [ + "MCP02", + "MCP08" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00021" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:48.714172+00:00" + }, + { + "rank": 459, + "qualified_name": "vdineshk/sg-weather-data-mcp", + "display_name": "sg-weather-data-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:04.746973+00:00" + }, + { + "rank": 459, + "qualified_name": "vdineshk/sg-weather-data-mcp", + "display_name": "sg-weather-data-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:54.904942+00:00" + }, + { + "rank": 459, + "qualified_name": "vdineshk/sg-weather-data-mcp", + "display_name": "sg-weather-data-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:49.483277+00:00" + }, + { + "rank": 460, + "qualified_name": "wcsdproducer/employee-zero", + "display_name": "Employee Zeroemployee-zero", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:05.110766+00:00" + }, + { + "rank": 460, + "qualified_name": "wcsdproducer/employee-zero", + "display_name": "Employee Zeroemployee-zero", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:56.365032+00:00" + }, + { + "rank": 460, + "qualified_name": "wcsdproducer/employee-zero", + "display_name": "Employee Zeroemployee-zero", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:50.993603+00:00" + }, + { + "rank": 461, + "qualified_name": "maxsambento/morfex", + "display_name": "morfex", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:09.210747+00:00" + }, + { + "rank": 461, + "qualified_name": "maxsambento/morfex", + "display_name": "morfex", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:57.499985+00:00" + }, + { + "rank": 461, + "qualified_name": "maxsambento/morfex", + "display_name": "morfex", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:51.320076+00:00" + }, + { + "rank": 462, + "qualified_name": "securityscan-api/securityscan", + "display_name": "SecurityScan", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:10.023130+00:00" + }, + { + "rank": 462, + "qualified_name": "securityscan-api/securityscan", + "display_name": "SecurityScan", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:57.791627+00:00" + }, + { + "rank": 462, + "qualified_name": "securityscan-api/securityscan", + "display_name": "SecurityScan", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:53.133418+00:00" + }, + { + "rank": 463, + "qualified_name": "refund-decide/notary", + "display_name": "Subscription Refunds", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:10.285752+00:00" + }, + { + "rank": 463, + "qualified_name": "refund-decide/notary", + "display_name": "Subscription Refunds", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:59.889357+00:00" + }, + { + "rank": 463, + "qualified_name": "refund-decide/notary", + "display_name": "Subscription Refunds", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:53.949271+00:00" + }, + { + "rank": 464, + "qualified_name": "santiago.blanco.vilchez/aaav", + "display_name": "CPA Tenant Onboarding", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:10.435325+00:00" + }, + { + "rank": 464, + "qualified_name": "santiago.blanco.vilchez/aaav", + "display_name": "CPA Tenant Onboarding", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:01.235076+00:00" + }, + { + "rank": 464, + "qualified_name": "santiago.blanco.vilchez/aaav", + "display_name": "CPA Tenant Onboarding", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:55.558175+00:00" + }, + { + "rank": 465, + "qualified_name": "vdineshk/sg-workpass-compass-mcp", + "display_name": "sg-workpass-compass-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:14.022285+00:00" + }, + { + "rank": 465, + "qualified_name": "vdineshk/sg-workpass-compass-mcp", + "display_name": "sg-workpass-compass-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:02.352061+00:00" + }, + { + "rank": 465, + "qualified_name": "vdineshk/sg-workpass-compass-mcp", + "display_name": "sg-workpass-compass-mcp", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:55.990283+00:00" + }, + { + "rank": 466, + "qualified_name": "AITutor3/icn-mcp", + "display_name": "Incheon Airport Live", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:02.693362+00:00" + }, + { + "rank": 466, + "qualified_name": "AITutor3/icn-mcp", + "display_name": "Incheon Airport Live", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:57.605711+00:00" + }, + { + "rank": 467, + "qualified_name": "delx/delx-mcp", + "display_name": "Delx MCP Server", + "tools_count": 94, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 549, + "match": "Extract emails, phone", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + }, + { + "rule_id": "AVE_A2AInjection", + "ave_id": "AVE-2026-00020", + "title": "AVE_A2AInjection", + "description": "YARA rule matched", + "severity": "HIGH", + "aivss_score": 8.7, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.7, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "downstream agent", + "engine": "yara", + "owasp": [ + "ASI01", + "ASI08" + ], + "owasp_mcp": [ + "MCP10", + "MCP06" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00020" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00013" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:05.796054+00:00" + }, + { + "rank": 467, + "qualified_name": "delx/delx-mcp", + "display_name": "Delx MCP Server", + "tools_count": 94, + "risk_score": 9.8, + "findings_count": 2, + "toxic_flows_count": 1, + "findings": [ + { + "rule_id": "bawbel-pii-exfiltration", + "ave_id": "AVE-2026-00013", + "title": "PII exfiltration pattern detected", + "description": "Component instructs agent to collect and transmit personally identifiable information (PII) to an external destination.", + "severity": "HIGH", + "aivss_score": 6.5, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 6.5, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 549, + "match": "Extract emails, phone", + "engine": "pattern", + "owasp": [ + "ASI06" + ], + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00013" + }, + { + "rule_id": "AVE_A2AInjection", + "ave_id": "AVE-2026-00020", + "title": "AVE_A2AInjection", + "description": "YARA rule matched", + "severity": "HIGH", + "aivss_score": 8.7, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 8.7, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": null, + "match": "downstream agent", + "engine": "yara", + "owasp": [ + "ASI01", + "ASI08" + ], + "owasp_mcp": [ + "MCP10", + "MCP06" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00020" + } + ], + "toxic_flows": [ + { + "flow_id": "credential-exfiltration", + "title": "Credential Exfiltration Chain", + "ave_ids": [ + "AVE-2026-00013" + ], + "capabilities": [ + "credential-read", + "data-exfil" + ], + "severity": "CRITICAL", + "aivss_score": 9.8, + "description": "Component reads credentials or secrets AND transmits data externally. Complete credential theft attack chain - reads API keys, .env files, or tokens, then encodes and exfiltrates them to an attacker-controlled endpoint.", + "owasp_mcp": [ + "MCP01", + "MCP05" + ], + "remediation": "1. Remove all credential-read patterns - agent should never instruct the model to read .env, API keys, or tokens. 2. Remove all external transmission instructions. 3. If both cannot be removed, isolate them into separate components with no shared execution context." + } + ], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:58.850748+00:00" + }, + { + "rank": 468, + "qualified_name": "acedatacloud-mcp/mcp-sora", + "display_name": "mcp-sora", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:06.204317+00:00" + }, + { + "rank": 468, + "qualified_name": "acedatacloud-mcp/mcp-sora", + "display_name": "mcp-sora", + "tools_count": 10, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:59.957250+00:00" + }, + { + "rank": 469, + "qualified_name": "aigen/defi-data", + "display_name": "AIGEN DeFi Data — Yields, Gas, Prices Across 6 Chains", + "tools_count": 37, + "risk_score": 4.0, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-network-recon", + "ave_id": "AVE-2026-00032", + "title": "Network reconnaissance instruction", + "description": "Component instructs the agent to probe internal network topology, scan ports, or enumerate services beyond declared scope.", + "severity": "HIGH", + "aivss_score": 4.0, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.0, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 259, + "match": "Discover service", + "engine": "pattern", + "owasp": [ + "ASI05", + "ASI06" + ], + "owasp_mcp": [ + "MCP05", + "MCP02" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00032" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:08.121228+00:00" + }, + { + "rank": 469, + "qualified_name": "aigen/defi-data", + "display_name": "AIGEN DeFi Data — Yields, Gas, Prices Across 6 Chains", + "tools_count": 37, + "risk_score": 4.0, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-network-recon", + "ave_id": "AVE-2026-00032", + "title": "Network reconnaissance instruction", + "description": "Component instructs the agent to probe internal network topology, scan ports, or enumerate services beyond declared scope.", + "severity": "HIGH", + "aivss_score": 4.0, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.0, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 259, + "match": "Discover service", + "engine": "pattern", + "owasp": [ + "ASI05", + "ASI06" + ], + "owasp_mcp": [ + "MCP05", + "MCP02" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00032" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:01.707645+00:00" + }, + { + "rank": 470, + "qualified_name": "intake-triage/steadyfetch", + "display_name": "SteadyFetch", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:07.866394+00:00" + }, + { + "rank": 470, + "qualified_name": "intake-triage/steadyfetch", + "display_name": "SteadyFetch", + "tools_count": 5, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:02.007004+00:00" + }, + { + "rank": 471, + "qualified_name": "santiago.blanco.vilchez/la-final", + "display_name": "Tenant Onboarding & Templates", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:12.111430+00:00" + }, + { + "rank": 471, + "qualified_name": "santiago.blanco.vilchez/la-final", + "display_name": "Tenant Onboarding & Templates", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:03.175859+00:00" + }, + { + "rank": 472, + "qualified_name": "lenderwiki/lending-data", + "display_name": "LenderWiki", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:11.492284+00:00" + }, + { + "rank": 472, + "qualified_name": "lenderwiki/lending-data", + "display_name": "LenderWiki", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:05.098441+00:00" + }, + { + "rank": 473, + "qualified_name": "safeagent/token-safety", + "display_name": "SafeAgent Token Safety — 38 MCP Tools for DeFi Security", + "tools_count": 34, + "risk_score": 4.0, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-network-recon", + "ave_id": "AVE-2026-00032", + "title": "Network reconnaissance instruction", + "description": "Component instructs the agent to probe internal network topology, scan ports, or enumerate services beyond declared scope.", + "severity": "HIGH", + "aivss_score": 4.0, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.0, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 259, + "match": "Discover service", + "engine": "pattern", + "owasp": [ + "ASI05", + "ASI06" + ], + "owasp_mcp": [ + "MCP05", + "MCP02" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00032" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:13.386869+00:00" + }, + { + "rank": 473, + "qualified_name": "safeagent/token-safety", + "display_name": "SafeAgent Token Safety — 38 MCP Tools for DeFi Security", + "tools_count": 34, + "risk_score": 4.0, + "findings_count": 1, + "toxic_flows_count": 0, + "findings": [ + { + "rule_id": "bawbel-network-recon", + "ave_id": "AVE-2026-00032", + "title": "Network reconnaissance instruction", + "description": "Component instructs the agent to probe internal network topology, scan ports, or enumerate services beyond declared scope.", + "severity": "HIGH", + "aivss_score": 4.0, + "aivss": { + "cvss_base": 0.0, + "aarf": { + "autonomy": 0.5, + "tool_use": 0.5, + "multi_agent": 0.0, + "non_determinism": 0.5, + "self_modification": 0.0, + "dynamic_identity": 0.0, + "persistent_memory": 0.0, + "natural_language_input": 1.0, + "data_access": 0.5, + "external_dependencies": 0.0 + }, + "aars": 0.0, + "thm": 0.75, + "mitigation_factor": 1.0, + "aivss_score": 4.0, + "aivss_severity": "HIGH", + "spec_version": "0.8" + }, + "line": 259, + "match": "Discover service", + "engine": "pattern", + "owasp": [ + "ASI05", + "ASI06" + ], + "owasp_mcp": [ + "MCP05", + "MCP02" + ], + "piranha_url": "https://api.piranha.bawbel.io/records/AVE-2026-00032" + } + ], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:06.766609+00:00" + }, + { + "rank": 474, + "qualified_name": "kongyo2/zod", + "display_name": "Inkeep Zod v4", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:13.209962+00:00" + }, + { + "rank": 474, + "qualified_name": "kongyo2/zod", + "display_name": "Inkeep Zod v4", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:06.518644+00:00" + }, + { + "rank": 475, + "qualified_name": "exploreaisb/aivsf", + "display_name": "aivsf", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:16.553419+00:00" + }, + { + "rank": 475, + "qualified_name": "exploreaisb/aivsf", + "display_name": "aivsf", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:07.721276+00:00" + }, + { + "rank": 476, + "qualified_name": "luis.ticas1/vsfclub4", + "display_name": "vsfclub4", + "tools_count": 1, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:10.453062+00:00" + }, + { + "rank": 477, + "qualified_name": "janmacher02-xl8y/czech-legal-mcp", + "display_name": "czech-legal-mcp", + "tools_count": 8, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:11.115502+00:00" + }, + { + "rank": 478, + "qualified_name": "XJTLUmedia/x23", + "display_name": "AI Answer Copier", + "tools_count": 34, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:11.857992+00:00" + }, + { + "rank": 479, + "qualified_name": "janmacher02-xl8y/sec-edgar-mcp", + "display_name": "sec-edgar-mcp", + "tools_count": 6, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:12.244275+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:11.744657+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:10.078570+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:13.083091+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:08.790964+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:11.650146+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:15.113493+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:17.110819+00:00" + }, + { + "rank": 480, + "qualified_name": "flrngel/mcp-painter", + "display_name": "Drawing Tool for AI Assistants", + "tools_count": 4, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:15.046749+00:00" + }, + { + "rank": 481, + "qualified_name": "wangtsiao/pulse-cn-mcp", + "display_name": "Pulse CN MCP Server", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:10.671514+00:00" + }, + { + "rank": 481, + "qualified_name": "wangtsiao/pulse-cn-mcp", + "display_name": "Pulse CN MCP Server", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:14.052271+00:00" + }, + { + "rank": 481, + "qualified_name": "wangtsiao/pulse-cn-mcp", + "display_name": "Pulse CN MCP Server", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:12.276288+00:00" + }, + { + "rank": 481, + "qualified_name": "wangtsiao/pulse-cn-mcp", + "display_name": "Pulse CN MCP Server", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:11.919563+00:00" + }, + { + "rank": 481, + "qualified_name": "wangtsiao/pulse-cn-mcp", + "display_name": "Pulse CN MCP Server", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:15.483824+00:00" + }, + { + "rank": 481, + "qualified_name": "wangtsiao/pulse-cn-mcp", + "display_name": "Pulse CN MCP Server", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:18.234238+00:00" + }, + { + "rank": 481, + "qualified_name": "wangtsiao/pulse-cn-mcp", + "display_name": "Pulse CN MCP Server", + "tools_count": 18, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:16.111843+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:20:09.640277+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:13.839195+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:12.868138+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:16.630987+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:12.996576+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:14.560444+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:15.252610+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:18.607267+00:00" + }, + { + "rank": 482, + "qualified_name": "seahbk1006/seahboonkeong-chat-opendosm", + "display_name": "Seah Boon Keong - Chat with OpenDOSM Datasets", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:16.338778+00:00" + }, + { + "rank": 483, + "qualified_name": "koreafintech/korean-crypto-mcp", + "display_name": "Korean Crypto", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:15.078836+00:00" + }, + { + "rank": 483, + "qualified_name": "koreafintech/korean-crypto-mcp", + "display_name": "Korean Crypto", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:16.908528+00:00" + }, + { + "rank": 483, + "qualified_name": "koreafintech/korean-crypto-mcp", + "display_name": "Korean Crypto", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:13.647482+00:00" + }, + { + "rank": 483, + "qualified_name": "koreafintech/korean-crypto-mcp", + "display_name": "Korean Crypto", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:13.962272+00:00" + }, + { + "rank": 483, + "qualified_name": "koreafintech/korean-crypto-mcp", + "display_name": "Korean Crypto", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:18.657476+00:00" + }, + { + "rank": 483, + "qualified_name": "koreafintech/korean-crypto-mcp", + "display_name": "Korean Crypto", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:21.304620+00:00" + }, + { + "rank": 483, + "qualified_name": "koreafintech/korean-crypto-mcp", + "display_name": "Korean Crypto", + "tools_count": 7, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:16.818136+00:00" + }, + { + "rank": 484, + "qualified_name": "hypnoticmeditations/meditation-recommender", + "display_name": "meditation-recommender", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:13.497402+00:00" + }, + { + "rank": 484, + "qualified_name": "hypnoticmeditations/meditation-recommender", + "display_name": "meditation-recommender", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:16.366705+00:00" + }, + { + "rank": 484, + "qualified_name": "hypnoticmeditations/meditation-recommender", + "display_name": "meditation-recommender", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:20.138769+00:00" + }, + { + "rank": 484, + "qualified_name": "hypnoticmeditations/meditation-recommender", + "display_name": "meditation-recommender", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:21.831601+00:00" + }, + { + "rank": 484, + "qualified_name": "hypnoticmeditations/meditation-recommender", + "display_name": "meditation-recommender", + "tools_count": 2, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:19.777229+00:00" + }, + { + "rank": 485, + "qualified_name": "peek", + "display_name": "Peek", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:15.742963+00:00" + }, + { + "rank": 485, + "qualified_name": "peek", + "display_name": "Peek", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:17.839270+00:00" + }, + { + "rank": 485, + "qualified_name": "peek", + "display_name": "Peek", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:17.181556+00:00" + }, + { + "rank": 485, + "qualified_name": "peek", + "display_name": "Peek", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:17.787809+00:00" + }, + { + "rank": 485, + "qualified_name": "peek", + "display_name": "Peek", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:20.168844+00:00" + }, + { + "rank": 485, + "qualified_name": "peek", + "display_name": "Peek", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:23.094687+00:00" + }, + { + "rank": 485, + "qualified_name": "peek", + "display_name": "Peek", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:20.702730+00:00" + }, + { + "rank": 486, + "qualified_name": "antvis/mcp-server-chart", + "display_name": "Visualization Charts Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:17.557206+00:00" + }, + { + "rank": 486, + "qualified_name": "antvis/mcp-server-chart", + "display_name": "Visualization Charts Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:18.863305+00:00" + }, + { + "rank": 486, + "qualified_name": "antvis/mcp-server-chart", + "display_name": "Visualization Charts Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:20.493170+00:00" + }, + { + "rank": 486, + "qualified_name": "antvis/mcp-server-chart", + "display_name": "Visualization Charts Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:23.362748+00:00" + }, + { + "rank": 486, + "qualified_name": "antvis/mcp-server-chart", + "display_name": "Visualization Charts Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:21.369267+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:14.714874+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:16.147710+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:18.693267+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:18.342922+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:19.400052+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:23.457605+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:25.922375+00:00" + }, + { + "rank": 487, + "qualified_name": "metavolve-labs/intelligence-aeternum", + "display_name": "iAeternum", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:21.561262+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:16.058559+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:18.147423+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:21.986949+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:18.676281+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:21.366206+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:25.553647+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:26.297124+00:00" + }, + { + "rank": 488, + "qualified_name": "greetwell/travel", + "display_name": "Greetwell Experiences", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:24.628409+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:21:16.706908+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:19.946550+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:22.233298+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:21.907500+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:23.361754+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:25.495284+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:27.646725+00:00" + }, + { + "rank": 489, + "qualified_name": "info-ybpr/gantta-mcp", + "display_name": "Gantta", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:25.352147+00:00" + }, + { + "rank": 490, + "qualified_name": "securelend/financial-services", + "display_name": "Financial Services", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:20.517027+00:00" + }, + { + "rank": 490, + "qualified_name": "securelend/financial-services", + "display_name": "Financial Services", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:22.629071+00:00" + }, + { + "rank": 490, + "qualified_name": "securelend/financial-services", + "display_name": "Financial Services", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:22.284505+00:00" + }, + { + "rank": 490, + "qualified_name": "securelend/financial-services", + "display_name": "Financial Services", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:24.149273+00:00" + }, + { + "rank": 490, + "qualified_name": "securelend/financial-services", + "display_name": "Financial Services", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:26.075279+00:00" + }, + { + "rank": 490, + "qualified_name": "securelend/financial-services", + "display_name": "Financial Services", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:27.929820+00:00" + }, + { + "rank": 490, + "qualified_name": "securelend/financial-services", + "display_name": "Financial Services", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:25.984684+00:00" + }, + { + "rank": 491, + "qualified_name": "saurabhsharma2u/Call-for-papers", + "display_name": "Call-for-papers", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:22:21.017929+00:00" + }, + { + "rank": 491, + "qualified_name": "saurabhsharma2u/Call-for-papers", + "display_name": "Call-for-papers", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:23.571433+00:00" + }, + { + "rank": 491, + "qualified_name": "saurabhsharma2u/Call-for-papers", + "display_name": "Call-for-papers", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:23.066275+00:00" + }, + { + "rank": 491, + "qualified_name": "saurabhsharma2u/Call-for-papers", + "display_name": "Call-for-papers", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:24.834937+00:00" + }, + { + "rank": 491, + "qualified_name": "saurabhsharma2u/Call-for-papers", + "display_name": "Call-for-papers", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:30.109275+00:00" + }, + { + "rank": 491, + "qualified_name": "saurabhsharma2u/Call-for-papers", + "display_name": "Call-for-papers", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:30.295914+00:00" + }, + { + "rank": 491, + "qualified_name": "saurabhsharma2u/Call-for-papers", + "display_name": "Call-for-papers", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:26.222260+00:00" + }, + { + "rank": 492, + "qualified_name": "dhanyyudi/bmkg-id", + "display_name": "BMKG MCP", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:23:28.497495+00:00" + }, + { + "rank": 492, + "qualified_name": "dhanyyudi/bmkg-id", + "display_name": "BMKG MCP", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:23.555992+00:00" + }, + { + "rank": 492, + "qualified_name": "dhanyyudi/bmkg-id", + "display_name": "BMKG MCP", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:26.459714+00:00" + }, + { + "rank": 492, + "qualified_name": "dhanyyudi/bmkg-id", + "display_name": "BMKG MCP", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:31.660972+00:00" + }, + { + "rank": 492, + "qualified_name": "dhanyyudi/bmkg-id", + "display_name": "BMKG MCP", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:30.746709+00:00" + }, + { + "rank": 492, + "qualified_name": "dhanyyudi/bmkg-id", + "display_name": "BMKG MCP", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:29.279411+00:00" + }, + { + "rank": 493, + "qualified_name": "symdex-100/symdex", + "display_name": "Symdex", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:26.411798+00:00" + }, + { + "rank": 493, + "qualified_name": "symdex-100/symdex", + "display_name": "Symdex", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:28.170534+00:00" + }, + { + "rank": 493, + "qualified_name": "symdex-100/symdex", + "display_name": "Symdex", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:31.479272+00:00" + }, + { + "rank": 493, + "qualified_name": "symdex-100/symdex", + "display_name": "Symdex", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:32.298271+00:00" + }, + { + "rank": 493, + "qualified_name": "symdex-100/symdex", + "display_name": "Symdex", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:30.065200+00:00" + }, + { + "rank": 494, + "qualified_name": "toreva/toreva", + "display_name": "toreva", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:26.666257+00:00" + }, + { + "rank": 494, + "qualified_name": "toreva/toreva", + "display_name": "toreva", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:29.362160+00:00" + }, + { + "rank": 494, + "qualified_name": "toreva/toreva", + "display_name": "toreva", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:31.805665+00:00" + }, + { + "rank": 494, + "qualified_name": "toreva/toreva", + "display_name": "toreva", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:32.311224+00:00" + }, + { + "rank": 494, + "qualified_name": "toreva/toreva", + "display_name": "toreva", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:30.574356+00:00" + }, + { + "rank": 495, + "qualified_name": "stockfilm/stockfilm-mcp", + "display_name": "Stockfilm. Authentic Vintage Footage", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:24:28.119692+00:00" + }, + { + "rank": 495, + "qualified_name": "stockfilm/stockfilm-mcp", + "display_name": "Stockfilm. Authentic Vintage Footage", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:30.031093+00:00" + }, + { + "rank": 495, + "qualified_name": "stockfilm/stockfilm-mcp", + "display_name": "Stockfilm. Authentic Vintage Footage", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:35.248684+00:00" + }, + { + "rank": 495, + "qualified_name": "stockfilm/stockfilm-mcp", + "display_name": "Stockfilm. Authentic Vintage Footage", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:34.727476+00:00" + }, + { + "rank": 495, + "qualified_name": "stockfilm/stockfilm-mcp", + "display_name": "Stockfilm. Authentic Vintage Footage", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:31.038248+00:00" + }, + { + "rank": 496, + "qualified_name": "hustcc/mcp-icon", + "display_name": "Icon", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:25:32.209658+00:00" + }, + { + "rank": 496, + "qualified_name": "hustcc/mcp-icon", + "display_name": "Icon", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:36.819846+00:00" + }, + { + "rank": 496, + "qualified_name": "hustcc/mcp-icon", + "display_name": "Icon", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:36.134934+00:00" + }, + { + "rank": 496, + "qualified_name": "hustcc/mcp-icon", + "display_name": "Icon", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:34.022147+00:00" + }, + { + "rank": 497, + "qualified_name": "plural-online/pinelab", + "display_name": "pinelabs-mcp", + "tools_count": 0, + "skipped": true + }, + { + "rank": 497, + "qualified_name": "plural-online/pinelab", + "display_name": "pinelabs-mcp", + "tools_count": 0, + "skipped": true + }, + { + "rank": 497, + "qualified_name": "plural-online/pinelab", + "display_name": "pinelabs-mcp", + "tools_count": 0, + "skipped": true + }, + { + "rank": 498, + "qualified_name": "kvz/transloadit-mcp-server", + "display_name": "Transloadit MCP Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:26:36.836146+00:00" + }, + { + "rank": 498, + "qualified_name": "kvz/transloadit-mcp-server", + "display_name": "Transloadit MCP Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:37.117587+00:00" + }, + { + "rank": 498, + "qualified_name": "kvz/transloadit-mcp-server", + "display_name": "Transloadit MCP Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:35.117855+00:00" + }, + { + "rank": 499, + "qualified_name": "science/mcp-atomictoolkit", + "display_name": "atomictoolkit", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:37.484790+00:00" + }, + { + "rank": 499, + "qualified_name": "science/mcp-atomictoolkit", + "display_name": "atomictoolkit", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:35.256804+00:00" + }, + { + "rank": 500, + "qualified_name": "kinescope/kinescope-mcp", + "display_name": "Kinescope MCP Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:27:39.241021+00:00" + }, + { + "rank": 500, + "qualified_name": "kinescope/kinescope-mcp", + "display_name": "Kinescope MCP Server", + "tools_count": 0, + "risk_score": 0.0, + "findings_count": 0, + "toxic_flows_count": 0, + "findings": [], + "toxic_flows": [], + "skipped": false, + "error": null, + "scanned_at": "2026-05-20T13:28:35.543619+00:00" + } + ] +} diff --git a/server.json b/server.json index 6184728..d40c977 100644 --- a/server.json +++ b/server.json @@ -3,7 +3,7 @@ "name": "io.github.bawbel/scanner", "title": "Bawbel Scanner", "description": "Security scanner for MCP servers and skill files. Detects AVE vulnerabilities before production.", - "version": "1.1.1", + "version": "1.2.2", "repository": { "url": "https://github.com/bawbel/scanner", "source": "github" @@ -13,7 +13,7 @@ "registryType": "pypi", "registryBaseUrl": "https://pypi.org", "identifier": "bawbel-scanner", - "version": "1.1.1", + "version": "1.2.2", "runtimeHint": "uvx", "transport": { "type": "stdio" @@ -38,7 +38,7 @@ "vulnerability" ], "threat_intel_api": "https://api.piranha.bawbel.io", - "ave_records": 45, + "ave_records": 48, "owasp_mcp_mapping": true } }