npm analyzed 0.15.2

@bike4mind/cli

v0.15.2
npm

Interactive CLI tool for Bike4Mind with ReAct agents

maintainer
stormyb4m
license
UNLICENSED
first seen
2026-05-22
last seen
2026-06-16
releases · 30d
260
short id

Drift inferred · capture-to-capture

No drift recorded — single capability capture; advisories appear once its surface changes.

capabilities · 0 tools
transport: stdio · http | counts: 0 tools · 0 res · 0 prompts | permission surface: via code analysis

no tools enumerated yet for this server.

skills & danger signals · npm-tarball
prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed v0.15.2 · analyzer v17 · 15h ago

danger signals · 1

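  • credential in logs · credential in log · package/dist/index.mjs:8112 · console.log(`Expires: ${new Date(authTokens.expiresAt).toLocaleString()}`);
    Note: the quoted statement prints only the token's expiry timestamp (authTokens.expiresAt); no token value appears in the quoted line, so check the surrounding code in index.mjs before treating this as a credential leak.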
code evidence · v0.15.2 · npm-tarball
evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 18

  • fs package/bin/bike4mind-cli.mjs :23 import { existsSync } from 'fs';
  • fs package/dist/ConfigStore-w0o_0xs0.mjs :4 import { existsSync, promises } from "fs";
  • fs package/dist/ImageStore-BVmEG1xc.mjs :3 import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "fs";
  • fs package/dist/SandboxRuntimeAdapter-ChGlxSGQ.mjs :2 import { accessSync, constants } from "fs";
  • fs package/dist/SeatbeltRuntime-Qqt19cAN.mjs :3 import { mkdtempSync, writeFileSync } from "fs";
  • fs package/dist/ViolationLogStore-B-plqJfn.mjs :2 import { promises } from "fs";
  • fs package/dist/commands/doctorCommand.mjs :6 import { existsSync } from "fs";
  • fs package/dist/createFile-DPv180yF-BnWFIxey.mjs :3 import { existsSync, promises } from "fs";
  • fs package/dist/deleteFile-BdjUwUQF-B3XOJmg3.mjs :3 import { existsSync, promises, statSync } from "fs";
  • fs package/dist/globFiles-DjfDGaUK-CNR8pMRC.mjs :4 import { stat } from "fs/promises";
  • fs package/dist/grepSearch-DJs-cubo-Bm0Y8oS3.mjs :4 import { existsSync } from "fs";
  • fs package/dist/index.mjs :11 import { existsSync, promises, readFileSync, statSync } from "fs";
  • fs package/dist/pathValidation-D8tjkQXE-1HwvsuYT.mjs :2 import { realpathSync } from "fs";
  • fs package/dist/ripgrepCheck-BmkyTK2i.mjs :2 import { access, constants } from "fs/promises";
  • fs package/dist/terminalSetup-BbJt04ZG.mjs :2 import { existsSync, promises } from "fs";
  • fs package/dist/tools-j5oGazTr.mjs :8 import { existsSync, promises, readFileSync, readdirSync, rmSync, statSync, unlinkSync, writeFileSync } from "fs";
  • fs package/dist/treeSitterEngine-BRbQ9b7I.mjs :2 import { readFileSync } from "fs";
  • fs package/dist/updateChecker-C8xsNY2L.mjs :3 import { constants, promises } from "fs";

shell / exec 7

  • shell package/dist/bashExecute-B1N1lMOS-TZVDbcQ4.mjs :2 import { spawn } from "child_process";
  • shell package/dist/commands/doctorCommand.mjs :5 import { execSync } from "child_process";
  • shell package/dist/commands/updateCommand.mjs :5 import { execSync, spawnSync } from "child_process";
  • shell package/dist/grepSearch-DJs-cubo-Bm0Y8oS3.mjs :3 import { execFile } from "child_process";
  • shell package/dist/index.mjs :9 import { execSync, spawn } from "child_process";
  • shell package/dist/tools-j5oGazTr.mjs :6 import { execFile, execFileSync, spawn } from "child_process";
  • shell package/dist/updateChecker-C8xsNY2L.mjs :2 import { execSync } from "child_process";

network 4

  • net package/dist/ProxyManager-CV94yZUW.mjs :3 import http from "http";
  • net package/dist/index.mjs :25 import axios, { isAxiosError } from "axios";
  • net package/dist/tools-j5oGazTr.mjs :24 import axios, { isAxiosError } from "axios";
  • net package/dist/updateChecker-C8xsNY2L.mjs :6 import axios from "axios";

secrets 1

  • secrets package/dist/index.mjs :3568 const token = process.env.JUPYTER_TOKEN;

database 1

  • db package/dist/ImageStore-BVmEG1xc.mjs :6 import Database from "better-sqlite3";

install hooks 1

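  • postinstall (suspicious) package/package.json :144 node -e "try { require('better-sqlite3') } catch(e) { if(e.message.includes('bindings')) { console.log('\n⚠️ Rebuilding better-sqlite3 native bindings...'); require('child_process').execSync('pnpm re … [quoted command truncated in this capture]
    Note: the visible portion tries to load better-sqlite3 and, when the error message mentions 'bindings', calls child_process.execSync with a command beginning `pnpm re`; the rest is cut off, so read line 144 of package.json in full before judging the hook.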

declared dependencies 94

  • @anthropic-ai/sdk@^0.97.1
  • @aws-sdk/client-apigatewaymanagementapi@^3.1050.0
  • @aws-sdk/client-bedrock-runtime@^3.1050.0
  • @aws-sdk/client-cloudwatch@^3.1050.0
  • @aws-sdk/client-lambda@^3.1050.0
  • @aws-sdk/client-s3@^3.1050.0
  • @aws-sdk/client-sqs@^3.1050.0
  • @aws-sdk/client-transcribe@^3.1050.0
  • @aws-sdk/credential-provider-node@^3.972.43
  • @aws-sdk/s3-request-presigner@^3.1050.0
  • @casl/ability@^6.8.1
  • @google/genai@^1.46.0
  • @joplin/turndown-plugin-gfm@^1.0.67
  • @mendable/firecrawl-js@^1.29.3
  • @modelcontextprotocol/sdk@1.29.0
  • @octokit/rest@^22.0.1
  • @opensearch-project/opensearch@2.11.0
  • @smithy/node-http-handler@^4.7.3
  • async-mutex@^0.5.0
  • axios@1.16.1
  • bcryptjs@^3.0.2
  • better-sqlite3@^12.10.0
  • cheerio@1.2.0
  • chess.js@^1.0.0-beta.8
  • cli-highlight@^2.1.11
  • csv-parse@^6.2.1
  • dayjs@^1.11.20
  • diff@^9.0.0
  • dotenv@^17.4.2
  • eventsource-parser@^3.0.8
  • exceljs@^4.4.0
  • fdir@^6.5.0
  • file-type@^22.0.1
  • fuse.js@^7.3.0
  • fzf@^0.5.2
  • glob@^13.0.6
  • gray-matter@^4.0.3
  • ignore@^7.0.5
  • ink@^7.0.3
  • ink-select-input@^6.2.0
  • ink-spinner@^5.0.0
  • ink-text-input@^6.0.0
  • jsonwebtoken@^9.0.3
  • lodash@^4.18.1
  • mammoth@^1.12.0
  • marked@^15.0.11
  • mathjs@^15.2.0
  • mime-types@^3.0.2
  • mongoose@^8.8.3
  • ollama@^0.6.3
  • open@^11.0.0
  • openai@^6.38.0
  • p-limit@^7.3.0
  • picomatch@^4.0.3
  • qrcode@^1.5.4
  • react@^19.2.6
  • sharp@^0.34.5
  • speakeasy@^2.0.0
  • tiktoken@^1.0.22
  • tree-sitter-wasms@^0.1.13
  • turndown@^7.2.4
  • undici@^7.24.4
  • unpdf@^0.10.0
  • uuid@^13.0.0
  • voyageai@^0.0.4
  • web-tree-sitter@0.25.10
  • ws@^8.20.1
  • xlsx@https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz
  • yargs@^18.0.0
  • yauzl@^3.3.0
  • zod@^4.4.3
  • zod-validation-error@^5.0.0
  • zustand@^5.0.13
  • @bike4mind/fab-pipeline@0.3.2
  • @bike4mind/llm-adapters@0.4.2
  • @bike4mind/observability@0.1.0
  • @types/better-sqlite3@^7.6.13
  • @types/jsonwebtoken@^9.0.4
  • @types/node@^24.0.0
  • @types/picomatch@^4.0.3
  • @types/react@^19.2.15
  • @types/ws@^8.18.1
  • @types/yargs@^17.0.35
  • ink-testing-library@^4.0.0
  • tsdown@^0.22.0
  • tsx@^4.22.3
  • typescript@^5.9.3
  • vitest@^4.1.7
  • @bike4mind/agents@0.14.2
  • @bike4mind/common@2.109.0
  • @bike4mind/mcp@1.37.26
  • @bike4mind/services@2.94.2
  • @bike4mind/utils@2.24.2
  • @vscode/ripgrep@^1.18.0