ICU
critical

mcp-server-commands

v0.7.4

An MCP server to run arbitrary commands

npm | weshigbee | First seen Feb 22, 2026 | Source

Total: 24 | Critical: 3 | High: 20 | Medium: 1

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    22:         spawn_options.cwd = String(args.cwd);
    23:     }
>>> 24:     // PRN args.env
    25:     if (args?.timeout_ms) {
    26:         spawn_options.timeout = Number(args.timeout_ms);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    40: }
    41: export function always_log(message, data) {
>>> 42:     const isJest = typeof process !== 'undefined' && !!process.env.JEST_WORKER_ID;
    43:     if (isJest) {
    44:         return;
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    41:             if (isShell) {
    42:                 const cmd = String(args?.command_line);
>>> 43:                 const shell = process.env.SHELL || (process.platform === 'win32' ? 'cmd.exe' : '/bin/sh');
    44:                 plan = `Shell mode: will execute command_line via ${shell}: ${cmd}`;
    45:             }
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [binary data, not printable]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { spawnSync } from 'node:child_process';
    2: // NOTES:
    3: // - blocks event loop in exchange for convenience
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

>>> 1: import { spawn } from 'node:child_process';
    2: import { once } from 'node:events';
    3: async function ls() {
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    54: }
    55: // await sleep_abort();
>>> 56: async function shells(child_process) {
    57:     if (child_process.stdout) {
    58:         child_process.stdout.on('data', (data) => {
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    55: // await sleep_abort();
    56: async function shells(child_process) {
>>> 57:     if (child_process.stdout) {
    58:         child_process.stdout.on('data', (data) => {
    59:             console.log(`stdout: ${data}`);
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    56: async function shells(child_process) {
    57:     if (child_process.stdout) {
>>> 58:         child_process.stdout.on('data', (data) => {
    59:             console.log(`stdout: ${data}`);
    60:         });
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    60:         });
    61:     }
>>> 62:     if (child_process.stderr) {
    63:         child_process.stderr.on('data', (data) => {
    64:             console.error(`stderr: ${data}`);
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    61:     }
    62:     if (child_process.stderr) {
>>> 63:         child_process.stderr.on('data', (data) => {
    64:             console.error(`stderr: ${data}`);
    65:         });
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    65:         });
    66:     }
>>> 67:     child_process.on('error', (err) => {
    68:         console.log("ERR", err);
    69:     });
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    68:         console.log("ERR", err);
    69:     });
>>> 70:     const [code] = await once(child_process, 'close');
    71:     console.log(`child process exited with code ${code}`);
    72: }
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    1: // TODO cleanup exec usages once spawn is ready
>>> 2: import { spawn } from "child_process";
    3: export async function spawn_wrapped(command, args, stdin, options) {
    4:     return new Promise((resolve, reject) => {
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    31:         let errored = false;
    32:         child.on("error", (err) => {
>>> 33:             // ChildProcess 'error' docs: https://nodejs.org/api/child_process.html#event-error
    34:             // error running process
    35:             // IIUC not just b/c of command failed w/ non-zero exit code
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    50:         });
    51:         child.on("close", (code, signal) => {
>>> 52:             // ChildProcess 'close' docs: https://nodejs.org/api/child_process.html#event-close
    53:             //   'close' is after child process ends AND stdio streams are closed
    54:             //   - after 'exit' or 'error'
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [binary data, not printable]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    16:     // * shared args
    17:     const spawn_options = {
>>> 18:         // spawn options: https://nodejs.org/api/child_process.html#child_processspawncommand-args-options
    19:         encoding: "utf8"
    20:     };
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    31:     }
    32:     // PRN windowsHide on Windows, signal, killSignal
>>> 33:     // FYI spawn_options.stdio => default is perfect ['pipe', 'pipe', 'pipe'] https://nodejs.org/api/child_process.html#optionsstdio 
    34:     //   do not set inherit (this is what causes ripgrep to see STDIN socket and search it, thus hanging)
    35:     const stdin = args?.stdin ? String(args.stdin) : undefined; // TODO
high | SC-005 | Suspicious Commands | Medium Confidence | Line 0

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    1: import { GetPromptRequestSchema, ListPromptsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
    2: import { verbose_log } from "./always_log.js";
>>> 3: import { exec } from "node:child_process";
    4: import { promisify } from "node:util";
    5: const execAsync = promisify(exec);
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [binary data, not printable]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [binary data, not printable]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [binary data, not printable]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 24
Feb 23, 2026 | critical | 24
Feb 22, 2026 | critical | 24