@factordao/mcp-server
MCP server for Factor Protocol vault management
0
Versions
MIT
License
No
Install Scripts
Missing
Provenance
Supply chain provenance
Status for the latest visible version.
No SLSA provenance
npm registry signatures
gitHead linked
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
andrea0xahsan.ihsanturinglabsorgfactor_fivincent_deckardawkaishinasaadam32yanzero1
Keywords
mcpfactordefivaultai
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:shady-links-tlds | AI (semgrep): URLs reference foundry.paradigm.xyz install instructions — standard Foundry toolchain, not C2. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP is 127.0.0.1 (localhost anvil fork) — not an external exfiltration endpoint. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding is for IPFS file upload from user-supplied data — legitimate use. | ai | |
| semgrep | semgrep:hex-decode | AI (semgrep): Hex decoding used for scrypt salt in keystore crypto — standard cryptographic pattern. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): process.env spread into child process env for forge init — standard subprocess pattern, not exfiltration. | ai |
Versions (showing 0 of 0)
| Version | Deps | Published |
|---|