We ran a security scan on agentic-flow@2.0.7 as part of our MCP ecosystem monitoring.
Score: 60/100
Risk: ELEVATED
Findings
- [MEDIUM] excessive dependencies: Package has 25 runtime dependencies (high attack surface)
- [HIGH] command injection: Potential command injection: shell execution with template literal input
What this checks
Install scripts, prompt injection patterns in metadata, suspicious URLs, source code patterns (command injection, unsafe eval, hardcoded secrets), dependency count, metadata completeness, and publisher provenance.
How to verify
You can scan this package yourself at https://agentscores.xyz/scan or via the API:
curl "https://agentscores.xyz/api/scan?npm=agentic-flow"
This is an automated scan. If any finding is incorrect, we'd appreciate knowing so we can improve detection accuracy.
Full written reviews with hardening recommendations: https://agentscores.xyz/security-review
Scanned by AgentScore MCP security monitoring.