-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathwolfpack-intelligence.json
More file actions
150 lines (150 loc) · 5.57 KB
/
wolfpack-intelligence.json
File metadata and controls
150 lines (150 loc) · 5.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
{
"tool_id": "wolfpack-intelligence",
"version": "smithery",
"grade": "B",
"risk_score": 17,
"scan_date": "2026-04-19T02:19:27.564122225Z",
"scanner": "tooltrust-scanner/v0.3.8",
"source_url": "https://smithery.ai/server/wolfpack/intelligence",
"vendor": "Smithery",
"description": "On-chain security and intelligence MCP server for Base chain trading agents. 4 tools: token risk analysis (GoPlus + DexScreener + Dune), fast security check, narrative momentum scoring, and agent trust ratings. All tools return structured JSON with 0-100 scores.",
"findings": [
{
"id": "AS-010",
"severity": "High",
"title": "Insecure Secret Handling",
"description": "input parameter \"token_address\" appears to accept a secret or credential",
"recommendation": "Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.",
"tool_name": "token_risk_analysis"
},
{
"id": "AS-014",
"severity": "Info",
"title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
"description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
"recommendation": "Review and remediate the identified issue.",
"tool_name": "token_risk_analysis"
},
{
"id": "AS-010",
"severity": "High",
"title": "Insecure Secret Handling",
"description": "input parameter \"token_address\" appears to accept a secret or credential",
"recommendation": "Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.",
"tool_name": "security_check"
},
{
"id": "AS-014",
"severity": "Info",
"title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
"description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
"recommendation": "Review and remediate the identified issue.",
"tool_name": "security_check"
},
{
"id": "AS-014",
"severity": "Info",
"title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
"description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
"recommendation": "Review and remediate the identified issue.",
"tool_name": "narrative_momentum"
},
{
"id": "AS-002",
"severity": "High",
"title": "Excessive Permission Surface",
"description": "tool declares network permission",
"recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
"tool_name": "agent_trust_score"
},
{
"id": "AS-011",
"severity": "Low",
"title": "DoS Resilience — Missing Rate Limit / Timeout",
"description": "tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration",
"recommendation": "Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.",
"tool_name": "agent_trust_score"
},
{
"id": "AS-014",
"severity": "Info",
"title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
"description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
"recommendation": "Review and remediate the identified issue.",
"tool_name": "agent_trust_score"
}
],
"summary": {
"critical": 0,
"high": 3,
"medium": 0,
"low": 1,
"info": 4
},
"methodology": "https://github.com/AgentSafe-AI/tooltrust-directory/blob/main/docs/methodology.md",
"tool_names": [
"agent_trust_score",
"narrative_momentum",
"security_check",
"token_risk_analysis"
],
"tool_contexts": [
{
"tool_name": "token_risk_analysis",
"action": "ALLOW",
"grade": "B",
"destinations": [
"dynamic email recipient (token_address)"
],
"dependency_visibility": "No dependency data",
"dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
},
{
"tool_name": "security_check",
"action": "ALLOW",
"grade": "B",
"destinations": [
"dynamic email recipient (token_address)"
],
"dependency_visibility": "No dependency data",
"dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
},
{
"tool_name": "narrative_momentum",
"action": "ALLOW",
"grade": "A",
"dependency_visibility": "No dependency data",
"dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
},
{
"tool_name": "agent_trust_score",
"action": "ALLOW",
"grade": "B",
"behavior": [
"uses_network"
],
"dependency_visibility": "No dependency data",
"dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
}
],
"scan_history": [
{
"scan_date": "2026-04-15T02:11:45Z",
"grade": "B",
"risk_score": 17,
"version": "smithery"
},
{
"scan_date": "2026-04-17T02:15:31Z",
"grade": "B",
"risk_score": 17,
"version": "smithery"
},
{
"scan_date": "2026-04-18T01:56:58Z",
"grade": "B",
"risk_score": 17,
"version": "smithery"
}
]
}