npm - @bryan-thompson/inspector-assessment-cli - Versions diffs - 1.23.8 → 1.23.9 - Mend

@bryan-thompson/inspector-assessment-cli 1.23.8 → 1.23.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/build/assess-full.js CHANGED Viewed

@@ -1010,9 +1010,10 @@ Module Selection:
   Valid module names:
     functionality, security, documentation, errorHandling, usability,
     mcpSpecCompliance, aupCompliance, toolAnnotations, prohibitedLibraries,
-    manifestValidation, portability, temporal, resources, prompts, crossCapability
+    externalAPIScanner, authentication, temporal, resources, prompts,
+    crossCapability, manifestValidation, portability
-Assessment Modules (16 total):
+Assessment Modules (17 total):
   • Functionality      - Tests all tools work correctly
   • Security           - Prompt injection & vulnerability testing
   • Documentation      - README completeness checks
@@ -1022,9 +1023,14 @@ Assessment Modules (16 total):
   • AUP Compliance     - Acceptable Use Policy checks
   • Tool Annotations   - readOnlyHint/destructiveHint validation
   • Prohibited Libs    - Dependency security checks
-  • Manifest           - MCPB manifest.json validation
-  • Portability        - Cross-platform compatibility
+  • External API       - External service detection
+  • Authentication     - OAuth/auth evaluation
   • Temporal           - Rug pull/temporal behavior change detection
+  • Resources          - Resource capability assessment
+  • Prompts            - Prompt capability assessment
+  • Cross-Capability   - Chained vulnerability detection
+  • Manifest           - MCPB manifest.json validation (optional)
+  • Portability        - Cross-platform compatibility (optional)
 Examples:
   mcp-assess-full my-server

package/build/assess-security.js CHANGED Viewed

@@ -256,7 +256,7 @@ async function runSecurityAssessment(options) {
         callTool: createCallToolWrapper(client),
         config,
     };
-    console.log(`🛡️  Running security assessment with 17 attack patterns...`);
+    console.log(`🛡️  Running security assessment with 23 attack patterns...`);
     const assessor = new SecurityAssessor(config);
     const results = await assessor.assess(context);
     await client.close();
@@ -372,7 +372,7 @@ function printHelp() {
     console.log(`
 Usage: mcp-assess-security [options] [server-name]
-Run security assessment against an MCP server with 17 attack patterns.
+Run security assessment against an MCP server with 23 attack patterns.
 Options:
   --server, -s <name>    Server name (required, or pass as first positional arg)
@@ -382,14 +382,11 @@ Options:
   --verbose, -v          Enable verbose logging
   --help, -h             Show this help message
-Attack Patterns Tested (17 total):
-  • Direct prompt injection
-  • Indirect prompt injection
-  • Instruction override
-  • Role-playing attacks
-  • Encoding bypass
-  • Multi-turn manipulation
-  • Context poisoning
+Attack Patterns Tested (23 total):
+  • Command Injection, SQL Injection, Path Traversal
+  • Calculator Injection, Code Execution, XXE
+  • Data Exfiltration, Token Theft, NoSQL Injection
+  • Unicode Bypass, Nested Injection, Package Squatting
   • And more...
 Examples:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment-cli",
-  "version": "1.23.8",
+  "version": "1.23.9",
   "description": "CLI for the Enhanced MCP Inspector with assessment capabilities",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",