MCP Observatory
github analyzed 2dfd3d3

Br0ski777/code-sandbox-x402

github

Execute Python, JavaScript, SQL code in a sandbox. x402 micropayment.

maintainer
Br0ski777
license
first seen
2026-06-03
last seen
2026-06-03
releases · 30d
0
short id

Drift inferred · capture-to-capture

  1. HIGH code analysis flagged dynamic code execution in Br0ski777/code-sandbox-x402
capabilities 0 tools
transport http · sse verified reported listed in the official MCP registry counts 0 tools · 0 res · 0 prompts permission surface via code analysis

no tools enumerated yet for this server.

skills & danger signals github-tarball
prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed commit 2dfd3d3 · analyzer v18 · 11h ago

danger signals1

  • dynamic code executionnew Function()Br0ski777-code-sandbox-x402-2dfd3d3/src/logic.ts:32const fn = new Function("return (async () => { const __results = []; const console = { log: (...a) => __results.push(a.map(String).join(' ')), error: (...a) => __results.push('[error] ' + a.map(String
code evidence vHEAD · github-tarball
evidence-backed findings quoted directly from the published source artifact — not inferred

network 1

  • net Br0ski777-code-sandbox-x402-2dfd3d3/src/shared.ts :381 resp = await fetch(`http://localhost:${port}${route.path}${qs ? "?" + qs : ""}`, { headers });

secrets 2

  • secrets Br0ski777-code-sandbox-x402-2dfd3d3/src/index.ts :61 process.env.CDP_API_KEY_ID!,
  • secrets Br0ski777-code-sandbox-x402-2dfd3d3/src/shared.ts :371 const xpayKey = process.env.XPAY_PROXY_KEY;

declared dependencies 11

  • @atxp/common@^0.11.8
  • @atxp/server@^0.11.8
  • @coinbase/x402@^2.1.0
  • @x402/core@^2.9.0
  • @x402/evm@^2.9.0
  • @x402/extensions@^2.9.0
  • @x402/hono@^2.9.0
  • bignumber.js@^9.1.2
  • hono@^4.7.0
  • bun-types@latest
  • typescript@^5.7.0