@superinbox/mcp-server
v0.1.10SuperInbox MCP server (stdio)
39
Total
2
Critical
37
High
0
Medium
Findings
unknownEnvironment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
11: import FormData from 'form-data';
12: const DEFAULT_BASE_URL = 'http://127.0.0.1:3000';
>>> 13: const getApiKey = () => process.env.SUPERINBOX_API_KEY;
14: const getBaseUrl = () => process.env.SUPERINBOX_BASE_URL || DEFAULT_BASE_URL;
15: const http = axios.create({Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
12: const DEFAULT_BASE_URL = 'http://127.0.0.1:3000';
13: const getApiKey = () => process.env.SUPERINBOX_API_KEY;
>>> 14: const getBaseUrl = () => process.env.SUPERINBOX_BASE_URL || DEFAULT_BASE_URL;
15: const http = axios.create({
16: baseURL: getBaseUrl(),Dynamic code execution via exec()
Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.
151: if (!trimmed)
152: return null;
>>> 153: const dataUriMatch = /^data:([^;]+);base64,(.+)$/s.exec(trimmed);
154: if (dataUriMatch) {
155: return {Decoded base64 content: J�b�'���ӭ�즊�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: r�������(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: ��Z�����(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: u�^�����(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: r�������(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: r�������(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: ��Z�����(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: ��Z�����(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: u�^�����(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: u�^�����(�$���
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: j�eȺ jT��-jjl
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveDecoded base64 content: J�b�'���ӭ�즊�
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
Report false positiveScan History
| Date | Risk | Findings | Files | Duration |
|---|---|---|---|---|
| Feb 25, 2026 | critical | 39 | 7 | 0.00s |
| Feb 24, 2026 | critical | 39 | 7 | 0.00s |