! Security: Review · 5858/100 · grade Dscanned 41m ago
⚠ 1 compromise signal24 risk-surface · 8/20 OWASP controls flagged
Only compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score. Dangerous-by-capability traits are risk surface, expected for some capabilities. Every finding is mapped to the OWASP control it belongs to below.
What this capability can do · high confidence (static)
Tools (5)
read_multiple_fileswrite_filelist_directorystop_searchforce_terminate
⚑ filesystem⚑ shell⚑ network⚑ secretsinstall: postinstall
egress → www.youtube.com, smithery.ai., smithery.ai, discord.gg, desktopcommander.app#faq, www.docker.com, hub.docker.com, policies.google.com +32
Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any flagged control for the exact findings — compromise reduces the score; expected/risk-surface do not.
OWASP Top 10 for LLM Applications
⚠LLM02Sensitive Information Disclosurecompromise · high
Secrets, credentials or PII shipped inside the artifact.
•Embedded credentials — found: hardcoded credential · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-798)compromise
⚠LLM07System Prompt Leakagecompromise · high
Secrets, internal hosts or proprietary logic exposed in shipped prompts.
•Embedded credentials — found: hardcoded credential · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-798)compromise
⚠LLM03Supply Chaincritical
Vulnerable/compromised dependencies, models or archives in the artifact.
•Dependency manifest — 46 npm dependencies declared · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.jsonrisk surface
•npm install-lifecycle script — postinstall run on install — executes arbitrary code · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.json (CWE-506)risk surface
•Vulnerable dependencies — 94 known vulnerabilities in: @hono/node-server@1.19.7, @modelcontextprotocol/sdk@1.25.1, ajv@8.17.1, basic-ftp@5.1.0, brace-expansion@1.1.12, brace-expansion@2.0.2, diff@4.0.2, fast-uri@3.1.0 (CWE-1395)risk surface
⚠LLM05Improper Output Handlingcritical
Code that pipes model/user output into shell, eval, SQL or paths unsafely.
•Suspicious code patterns — pipe-to-shell install · wonderwhy-er-DesktopCommanderMCP-0ad919b/README.md (CWE-494)risk surface
•Suspicious code patterns — destructive rm -rf / · wonderwhy-er-DesktopCommanderMCP-0ad919b/install.sh (CWE-78)risk surface
•Path traversal sequences — '../' present in content or name · wonderwhy-er-DesktopCommanderMCP-0ad919b/manifest.template.json (CWE-22)risk surface
•Suspicious code patterns — child_process exec · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/build-mcpb.cjs (CWE-78)risk surface
•Suspicious code patterns — child_process exec; dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/publish-release.cjs (CWE-78)risk surface
•Suspicious code patterns — encoded PowerShell command · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/host/external-actions.tsrisk surface
•Suspicious code patterns — dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-95)risk surface
•Suspicious code patterns — fork bomb; disk wipe command · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-blocked-commands.jsrisk surface
⚠LLM06Excessive Agencyhigh
Over-broad tool/permission surface or unrestricted egress.
•External endpoints declared — 1 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/.codespellrcrisk surface
•External endpoints declared — 2 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/Dockerfilerisk surface
•Broad capability surface — 4 high-impact capability categories referenced — verify least-privilege · wonderwhy-er-DesktopCommanderMCP-0ad919b/FAQ.md (CWE-272)risk surface
•External endpoints declared — 5 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/FAQ.mdrisk surface
•External endpoints declared — 3 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/PUBLISH.mdrisk surface
•External endpoints declared — 36 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/README.mdrisk surface
•External endpoints declared — 4 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/install-docker.shrisk surface
•External endpoints declared — 7 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/package-lock.jsonrisk surface
•Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.json (CWE-272)risk surface
•Egress to a private/loopback host — 127.0.0.1 · wonderwhy-er-DesktopCommanderMCP-0ad919b/plugins/claude/skills/ai-tools-setup/references/openclaw.md (CWE-918)risk surface
⚠LLM10Unbounded Consumptionmedium
Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
•Potentially unbounded loop — an infinite loop (while True / while(1) / for(;;)) may cause runaway consumption · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/tools/filesystem.ts (CWE-835)risk surface
§LLM09MisinformationGovernance
Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
✓LLM01Prompt InjectionPassed
✓LLM04Data and Model PoisoningPassed
Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
✓LLM08Vector and Embedding WeaknessesPassed
PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
OWASP Machine Learning Security Top 10
⚠ML06AI Supply Chaincritical
Compromised PyPI/npm packages, typosquats, unsafe serialized models.
•Dependency manifest — 46 npm dependencies declared · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.jsonrisk surface
•npm install-lifecycle script — postinstall run on install — executes arbitrary code · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.json (CWE-506)risk surface
•Vulnerable dependencies — 94 known vulnerabilities in: @hono/node-server@1.19.7, @modelcontextprotocol/sdk@1.25.1, ajv@8.17.1, basic-ftp@5.1.0, brace-expansion@1.1.12, brace-expansion@2.0.2, diff@4.0.2, fast-uri@3.1.0 (CWE-1395)risk surface
⚠ML09Output Integritycritical
Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
•Suspicious code patterns — pipe-to-shell install · wonderwhy-er-DesktopCommanderMCP-0ad919b/README.md (CWE-494)risk surface
•Suspicious code patterns — destructive rm -rf / · wonderwhy-er-DesktopCommanderMCP-0ad919b/install.sh (CWE-78)risk surface
•Path traversal sequences — '../' present in content or name · wonderwhy-er-DesktopCommanderMCP-0ad919b/manifest.template.json (CWE-22)risk surface
•Suspicious code patterns — child_process exec · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/build-mcpb.cjs (CWE-78)risk surface
•Suspicious code patterns — child_process exec; dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/publish-release.cjs (CWE-78)risk surface
•Suspicious code patterns — encoded PowerShell command · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/host/external-actions.tsrisk surface
•Suspicious code patterns — dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-95)risk surface
•Suspicious code patterns — fork bomb; disk wipe command · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-blocked-commands.jsrisk surface
§ML01Input Manipulation (Adversarial)Governance
Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
§ML03Model InversionGovernance
Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ML04Membership InferenceGovernance
Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
§ML08Model SkewingGovernance
Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
✓ML02Data PoisoningPassed
Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
✓ML05Model TheftPassed
Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
✓ML07Transfer Learning AttackPassed
Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
✓ML10Model Poisoning (Weights)Passed
Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.
Other findings (11) · hygiene / uncategorized
•Unrecognized file type — '.codespellrc' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/.codespellrcrisk surface
•Unrecognized file type — '.gitignore' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/.gitignorerisk surface
•Unrecognized file type — '.npmignore' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/.npmignorerisk surface
•Unrecognized file type — '.?' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/Dockerfilerisk surface
•Disallowed file type — '.ps1' executables are not permitted · wonderwhy-er-DesktopCommanderMCP-0ad919b/install-docker.ps1 (CWE-434)risk surface
•Suspicious network references — raw IP URL (4 URLs) · wonderwhy-er-DesktopCommanderMCP-0ad919b/plugins/claude/skills/ai-tools-setup/references/openclaw.mdrisk surface
•Unrecognized file type — '.mdc' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/plugins/cursor/rules/desktop-commander-default.mdcrisk surface
•Unrecognized file type — '.cjs' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/build-mcpb.cjsrisk surface
•Possible obfuscation — very long lines · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/large_test_file.txtrisk surface
•Suspicious network references — raw IP URL (5 URLs) · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-feature-flags-timeout.jsrisk surface
•Unrecognized file type — '.obsolete' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-repl-tools.js.obsoleterisk surface
✔ verified source · pinned wonderwhy-er-DesktopCommanderMCP-0ad919b · changed since last scan · +egress www.youtube.com, smithery.ai., smithery.ai, discord.gg, desktopcommander.app#faq, www.docker.com, hub.docker.com, policies.google.com, img.shields.io, agentaudit.dev, archestra.ai, www.buymeacoffee.com, glama.ai, cursor.com, cursor.directory, docs.cursor.com, docs.windsurf.com, code.visualstudio.com, docs.cline.bot, docs.roocode.com, docs.anthropic.com, docs.trae.ai, kiro.dev, developers.openai.com, www.jetbrains.com, docs.augmentcode.com, qwenlm.github.io, youtube.com, www.patreon.com, wonderwhy-er.medium.com, analyticsindiamag.com, medium.com, mseep.ai, docs.docker.com