AgentAudit Security Audit Report
| Metric | Value |
|---|---|
| Package | @hubspot/mcp-server |
| Version | 0.4.0 |
| Risk Score | 20/100 |
| Result | safe |
| Findings | 2 total (0 critical, 1 high, 1 medium, 0 low) |
Findings Summary
1. HIGH - Unpinned npx command in documentation (package/README.md:41)
   - The README instructs users to run `npx -y @hubspot/mcp-server` without version pinning, creating a supply chain attack risk where a compromised future version could be executed automatically.
2. MEDIUM - BASE_URL_OVERRIDE allows API redirection (package/dist/utils/client.js:7)
   - The HubSpotClient accepts a `BASE_URL_OVERRIDE` environment variable that can redirect all API calls to an arbitrary server, potentially enabling credential theft if environment variables are compromised.
Detailed Findings
1. Unpinned npx command in documentation (HIGH)
   - File: `package/README.md:41`
   - Pattern: MCP_SUPPLY_001
   - Code: `"args": ["-y", "@hubspot/mcp-server"],`
   - Impact: An attacker who compromises the npm package could inject malicious code that would be executed on all systems using the unpinned command.
   - Remediation: Pin to a specific version in the documentation: `npx -y @hubspot/mcp-server@0.4.0`, or use a version range like `@hubspot/mcp-server@^0.4.0`. This prevents automatic execution of potentially compromised future versions.
2. BASE_URL_OVERRIDE allows API redirection (MEDIUM)
   - File: `package/dist/utils/client.js:7`
   - Pattern: SEC_BYPASS_001
   - Code: `this.baseUrl = process.env.BASE_URL_OVERRIDE || 'https://api.hubspot.com';`
   - Impact: While this may be intended for testing, it could be exploited if an attacker gains control of environment variables to redirect API calls (including those containing access tokens in Authorization headers) to a malicious server.
   - Remediation: Either remove the BASE_URL_OVERRIDE feature in production builds, restrict it to development environments only, or validate that the override URL matches an expected domain pattern (e.g., `*.hubspot.com` or `localhost`).
Full Report
View the complete audit report with details, evidence, and remediation guidance:
AgentAudit Report
This audit was performed automatically by AgentAudit, the security registry for AI agent packages. If you believe any finding is incorrect, you can dispute it on the platform.