{
  "slug": "context7",
  "tool_id": "npm/@upstash/context7-mcp",
  "verdict_url": "/verdict/context7",
  "verdict_content_hash": "sha256:9cc943487f1b94c9e400c47390f32b142b2df53d81088a016c75299fb932df3b",
  "version": "3.2.1",
  "commit": "",
  "dist_shasum": "1c6e813e4032654c1ea6b987f8b2fa50a171387f",
  "scanned_at": "2026-06-14T00:00:00Z",
  "capture_self_test": "verified — a beacon decoy was emitted from the tool's network context; its presence in the intercept means a 'no egress' result would have been trustworthy.",
  "method": "Installed and run in an isolated container; fed traceable decoy data; all outbound traffic intercepted (TLS broken via own CA, iptables transparent redirect). Endpoints, resolved geo/jurisdiction and frequency are observed facts. Capture self-test passed.",
  "request_count": 2,
  "captured_requests": [
    {
      "method": "GET",
      "scheme": "https",
      "host": "context7.com",
      "path": "/api/v2/libs/search?query=FILE-CONTENT%3A%3Acanary-e7cedde3-file-348df583f222%3A%3AEND&libraryName=Canary+canary-e7cedde3-name-bf442d5870c0",
      "headers": {
        "host": "context7.com",
        "connection": "keep-alive",
        "X-Context7-Source": "mcp-server",
        "X-Context7-Server-Version": "3.2.1",
        "mcp-session-id": "d5360f02-bf40-494f-af2f-0bfc91d75979",
        "X-Context7-Client-IDE": "mcp",
        "X-Context7-Client-Version": "0.1.0",
        "X-Context7-Transport": "stdio",
        "accept": "*/*",
        "accept-language": "*",
        "sec-fetch-mode": "cors",
        "user-agent": "node",
        "accept-encoding": "br, gzip, deflate"
      },
      "body_redacted": "",
      "blocked": true,
      "tls_inspected": true
    },
    {
      "method": "GET",
      "scheme": "https",
      "host": "context7.com",
      "path": "/api/v2/context?query=FILE-CONTENT%3A%3Acanary-e7cedde3-file-348df583f222%3A%3AEND&libraryId=FILE-CONTENT%3A%3Acanary-e7cedde3-file-348df583f222%3A%3AEND",
      "headers": {
        "host": "context7.com",
        "connection": "keep-alive",
        "X-Context7-Source": "mcp-server",
        "X-Context7-Server-Version": "3.2.1",
        "mcp-session-id": "d5360f02-bf40-494f-af2f-0bfc91d75979",
        "X-Context7-Client-IDE": "mcp",
        "X-Context7-Client-Version": "0.1.0",
        "X-Context7-Transport": "stdio",
        "accept": "*/*",
        "accept-language": "*",
        "sec-fetch-mode": "cors",
        "user-agent": "node",
        "accept-encoding": "br, gzip, deflate"
      },
      "body_redacted": "",
      "blocked": true,
      "tls_inspected": true
    }
  ],
  "reproduce": {
    "scanner": "canary-sandbox (open methodology; Docker backend)",
    "command": "python -m canary.cli scan <target> --backend docker   # target: npm @upstash/context7-mcp@3.2.1",
    "note": "Re-run it yourself: the scanner installs the pinned version, drives the tool over MCP, and intercepts all egress."
  },
  "note": "Raw captured outbound requests from one sandbox run (identifiers/keys redacted). This is the underlying observation behind the verdict — re-run the scan to verify.",
  "verification": "verdict_content_hash = sha256 over the canonical verdict JSON; dist_shasum = the npm tarball checksum of the pinned version. Signed artifacts + an append-only immutable log are on the roadmap (toward independent verifiability).",
  "verdict_signature": "ed25519:T4ZrdYdRw/Nd2TIm0z/XO7ijzCmzzBw7xd1X8IuG2aRDot7YKU4VihaH1ZuP6ypzXGsolrd/ftVmGMk7iUM3DA=="
}