ICU
critical

mcp-server-code-runner

v0.1.8

Code Runner MCP Server

npm | formulahendry | First seen Feb 21, 2026

Total: 6 | Critical: 1 | High: 5 | Medium: 0

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    53:     });
    54:     // Start the server
>>> 55:     const PORT = Number(port || process.env.PORT || 3088);
    56:     return new Promise((resolve, reject) => {
    57:         const appServer = app.listen(PORT, (error) => {

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    5: import * as os from "os";
    6: import { languageIdToExecutorMap, languageIdToFileExtensionMap } from "./constants.js";
>>> 7: import { exec } from "child_process";
    8: export function createServer() {
    9:     const server = new McpServer({

high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    55:     return new Promise((resolve, reject) => {
    56:         console.debug(`Executing command: ${command}`);
>>> 57:         exec(command, (error, stdout, stderr) => {
    58:             if (error) {
    59:                 reject(`Error: ${error.message}`);

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable bytes)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable bytes)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (non-printable bytes)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 6
Feb 23, 2026 | critical | 6
Feb 21, 2026 | critical | 0