Is io.github.im-sham/aegis-protocol safe to use?

io.github.im-sham/aegis-protocol has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.im-sham/aegis-protocol?

io.github.im-sham/aegis-protocol supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can io.github.im-sham/aegis-protocol do?

io.github.im-sham/aegis-protocol provides 11 tools: aegis_create_job, aegis_deliver_work, aegis_check_job, aegis_settle_job, aegis_open_dispute and 6 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.im-sham/aegis-protocol?

io.github.im-sham/aegis-protocol is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is io.github.im-sham/aegis-protocol actively maintained?

io.github.im-sham/aegis-protocol is actively maintained — last commit was 4 days ago. It has 2 GitHub stars.

io.github.im-sham/aegis-protocol

pnpm

Trustless escrow for AI agent-to-agent transactions on Base L2 with ERC-8004 identity and USDC.

2 72.7M/wk 11 tools GitHub npm PyPI

No known CVEs

No license

Actively maintained

Last commit 4d ago

Works with most clients

Transport: stdio, sse, http

11 tools · ~591 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

AI / ML Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-im-sham-aegis-protocol": {
      "args": [
        "-y",
        "pnpm"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-im-sham-aegis-protocol)](https://mcppedia.org/s/io-github-im-sham-aegis-protocol)

Read me

What io.github.im-sham/aegis-protocol does

Trustless escrow middleware for AI agent-to-agent transactions.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'pnpm' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

88/100across 5 weighted dimensions

How we score →

0255075100

−12

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

12 fixed

CVE-2026-24131medium · fixedCVSS 4

pnpm has Path Traversal via arbitrary file permission modification

### Summary When pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. **Note:** Only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). ### Details Vulnerable code in `pkg-manager/package-bins/src

Affected: >= 0Fixed in 10.28.2source →

CVE-2026-23888low · fixedCVSS 3.1

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

### Summary A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`, and (2) The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../evil` to redirect extracted files outsid

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23889low · fixedCVSS 3.1

pnpm has Windows-specific tarball Path Traversal

### Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for `./` but not `.\`. On Windows, backslashes are directory separators, enabling path traversal. **This vulnerability is Windows-only.** ### Details **1. Incomplete Path Normalization (`store/cafs/src/parseTarball.ts:107-110`)** ```typescript if (fileName.includes('./')) { fileName = path.posix.join('/'

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23890low · fixedCVSS 3.1

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

### Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, and after scope normalization, path traversal sequences like `../../` remain intact. ### Details The vulnerability exists in the bin name validation and normalization logic: **1. Validation Bypass (`pkg-manager/package-bins/src/index.ts`)** The filter allows any bin name starting wit

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-24056low · fixedCVSS 3.1

pnpm has symlink traversal in file:/git dependencies

### Summary When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) causes pnpm to copy that file's contents into `node_modules`, leaking local data. **Preconditions:** Only affects `file:` and `git:` dependencies. Registry packages (npm) have symlinks stripped during publish and are NOT affe

Affected: >= 0Fixed in 10.28.2source →

Inventory

Tools (11)

Click any tool to inspect its schema.

~591 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.im-sham/aegis-protocol safe to use?: io.github.im-sham/aegis-protocol has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.im-sham/aegis-protocol?: io.github.im-sham/aegis-protocol supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.im-sham/aegis-protocol do?: io.github.im-sham/aegis-protocol provides 11 tools: aegis_create_job, aegis_deliver_work, aegis_check_job, aegis_settle_job, aegis_open_dispute and 6 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.im-sham/aegis-protocol?: io.github.im-sham/aegis-protocol is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.im-sham/aegis-protocol actively maintained?: io.github.im-sham/aegis-protocol is actively maintained — last commit was 4 days ago. It has 2 GitHub stars.

Similar servers

Others in ai-ml / finance

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

Antigravity Workspace Template94

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.im-sham/aegis-protocol and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

AI / ML Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-im-sham-aegis-protocol": {
      "args": [
        "-y",
        "pnpm"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-im-sham-aegis-protocol)](https://mcppedia.org/s/io-github-im-sham-aegis-protocol)

Read me

What io.github.im-sham/aegis-protocol does

Trustless escrow middleware for AI agent-to-agent transactions.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'pnpm' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

AEGIS Protocol

Trustless escrow middleware for AI agent-to-agent transactions.

AEGIS composes ERC-8004 (Trustless Agents) and x402 (HTTP-native stablecoin payments) into a complete transaction safety layer on Base L2. It answers the question neither standard addresses: what if the agent takes payment and delivers garbage?

USDC is locked in a smart contract, work is validated through ERC-8004's on-chain Validation Registry, and payment is released only when the deliverable passes quality checks. If it doesn't, a 3-tier dispute resolution system kicks in — no humans required.

How It Works

Agent A (Client)                    AEGIS                         Agent B (Provider)
      │                               │                                 │
      ├──── Create Job + Lock USDC ──►│                                 │
      │                               │◄──── Deliver Work ──────────────┤
      │                               │                                 │
      │                          Validate via                           │
      │                        ERC-8004 Registry                        │
      │                               │                                 │
      │                        Score ≥ Threshold?                       │
      │                         ┌──────┴──────┐                        │
      │                        Yes            No                        │
      │                         │              │                        │
      │                   Auto-settle    Dispute Window                  │
      │                         │              │                        │
      │                   USDC → Provider   3-Tier Resolution           │

Job Lifecycle

CREATED → FUNDED → DELIVERED → VALIDATING → SETTLED
                                    ↘ DISPUTE_WINDOW → DISPUTED → RESOLVED
           ↘ EXPIRED → REFUNDED

Architecture

Four smart contracts on Base L2:

Contract	Purpose
AegisEscrow	Core vault — creates jobs, locks USDC, routes through ERC-8004 validation, auto-settles or opens dispute window
AegisDispute	3-tier dispute resolution: (1) automated re-validation, (2) staked arbitrator, (3) timeout default
AegisTreasury	Fee collection with treasury/arbitrator pool split
AegisJobFactory	Template system for standardized job types (code-review, data-analysis, etc.)

ERC-8004 Integration

AEGIS composes all three ERC-8004 registries:

Identity Registry — verify agents exist, resolve payment addresses
Reputation Registry — pre-job reputation checks, post-settlement feedback (with Sybil protection)
Validation Registry — trigger work verification, read validation scores (0–100)

Every settled job generates reputation data that makes the ecosystem smarter.

Key Design Decisions

Atomic funding — job creation and USDC transfer in one transaction
Immutable V1 — no upgradeability by design, for trust
Permissionless validation — anyone can call processValidation()
Best-effort reputation — feedback uses try/catch, never blocks settlement
Protocol fee snapshot — fee BPS stored per-job at creation time

Deployed Contracts (Base Sepolia)

Contract	Address
AegisEscrow	`0x8e013cf23f11168B62bA2600d99166507Cbb4aAC`
AegisDispute	`0x9Cbe0bf5080568F56d61F4F3ef0f64909898DcB2`
AegisTreasury	`0xCd2a996Edd6Be2992063fD2A41c0240D77c9e0AA`
AegisJobFactory	`0xD6a9fafA4d1d233075D6c5de2a407942bdc29dbF`

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

88/100across 5 weighted dimensions

How we score →

0255075100

−12

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

12 fixed

CVE-2026-24131medium · fixedCVSS 4

pnpm has Path Traversal via arbitrary file permission modification

Affected: >= 0Fixed in 10.28.2source →

CVE-2026-23888low · fixedCVSS 3.1

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23889low · fixedCVSS 3.1

pnpm has Windows-specific tarball Path Traversal

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-23890low · fixedCVSS 3.1

pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

Affected: >= 0Fixed in 10.28.1source →

CVE-2026-24056low · fixedCVSS 3.1

pnpm has symlink traversal in file:/git dependencies

Affected: >= 0Fixed in 10.28.2source →

Inventory

Tools (11)

Click any tool to inspect its schema.

~591 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.im-sham/aegis-protocol safe to use?: io.github.im-sham/aegis-protocol has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.im-sham/aegis-protocol?: io.github.im-sham/aegis-protocol supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.im-sham/aegis-protocol do?: io.github.im-sham/aegis-protocol provides 11 tools: aegis_create_job, aegis_deliver_work, aegis_check_job, aegis_settle_job, aegis_open_dispute and 6 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.im-sham/aegis-protocol?: io.github.im-sham/aegis-protocol is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.im-sham/aegis-protocol actively maintained?: io.github.im-sham/aegis-protocol is actively maintained — last commit was 4 days ago. It has 2 GitHub stars.

Similar servers

Others in ai-ml / finance

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

Antigravity Workspace Template94

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.im-sham/aegis-protocol and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?