{
  "slug": "mobile-mcp",
  "tool_id": "npm/@mobilenext/mobile-mcp",
  "tool_name": "@mobilenext/mobile-mcp",
  "source_type": "npm",
  "source_ref": "@mobilenext/mobile-mcp",
  "version": "0.0.59",
  "commit": "9008f712891b39c751dfc1f5a39f1368d1e38a5f",
  "dist_shasum": "0ca03397acbc7bff6897162c8ec65d6ce32b2bd6",
  "version_pin": "Pinned to @mobilenext/mobile-mcp@0.0.59 (git 9008f712891b39c751dfc1f5a39f1368d1e38a5f), published 2026-06-09. This verdict applies to that exact version; a newer release would require a re-scan.",
  "scanned_at": "2026-06-13T00:00:00Z",
  "method": "Installed and run in an isolated container; fed traceable decoy data; all outbound traffic intercepted (TLS broken via own CA, iptables transparent redirect). Endpoints, resolved geo/jurisdiction and frequency are observed facts. Capture self-test passed.",
  "capture": "verified",
  "integrity": {
    "result": "honest",
    "note": "\"integrity: honest\" refers to the integrity axis (the egress matches the tool's description / no misrepresentation) — NOT that the data flow recorded under data_flow is harmless."
  },
  "data_flow": {
    "egress_observed": true,
    "notable": true,
    "summary": "Sends usage telemetry to us.i.posthog.com (PostHog) in US (jurisdiction tier 2) on launch and on every tool call.",
    "destinations": [
      {
        "host": "us.i.posthog.com",
        "country": "US",
        "jurisdiction_tier": 2,
        "disclosed": true,
        "request_count_observed": 21,
        "frequency": "on launch and on every tool call",
        "kind": "usage telemetry",
        "vendor": "PostHog"
      }
    ],
    "jurisdiction_context": "Tier 2 = third country (e.g. US): transferring EU personal data to a third country requires a transfer basis under GDPR Art. 44-49 (e.g. SCCs / EU-US Data Privacy Framework) — an obligation on you, the deployer; the tool gives no control over where this flow goes (the docs describe only an opt-out, via MOBILEMCP_DISABLE_TELEMETRY, quoted under disclosure.evidence). This is the applicable framework, not a finding that the tool violates it."
  },
  "disclosure": {
    "status": "disclosed",
    "evidence": {
      "read": [
        "npm registry readme for @mobilenext/mobile-mcp"
      ],
      "quote": "collects anonymous usage telemetry via PostHog. To disable it, set the `MOBILEMCP_DISABLE_TELEMETRY` environment variable:  ```bash MOBILEMCP_DISABLE_TELEMETRY=1 npx @mobilenext/mobile-mcp@latest ```",
      "match": "The observed endpoint us.i.posthog.com (PostHog) is named/disclosed in the tool's own docs (matched: posthog, telemetry, posthog, us).",
      "residual_gap": "Docs may disclose the vendor but not the jurisdiction; the scan resolved the actual host. The observed per-request payload goes beyond a bare event count — it includes: properties.AgentName, properties.ToolName, properties.Duration."
    }
  },
  "severity": {
    "grade": "none",
    "axis": "integrity axis only (counts undeclared exfiltration). A disclosed data flow is reported as a neutral fact and is not graded here."
  },
  "evidence": {
    "capture_self_test": "verified — a beacon decoy was emitted from the tool's network context; its presence in the intercept means a 'no egress' result would have been trustworthy.",
    "observed_request": {
      "method": "POST",
      "url": "https://us.i.posthog.com/i/v0/e/",
      "count": 21,
      "headers": {
        "content-type": "application/json",
        "user-agent": "node"
      },
      "tls": "intercepted (the tool's HTTPS was terminated against the sandbox CA; the egress was then blocked by strict-egress, but the full request was captured)",
      "payload_fields": [
        "api_key",
        "event",
        "properties.Platform",
        "properties.Product",
        "properties.Version",
        "properties.NodeVersion",
        "properties.CI",
        "distinct_id",
        "properties.AgentName",
        "properties.ToolName",
        "properties.Duration"
      ],
      "payload_sample": "{\"api_key\":\"phc_KHRTZmkD…\",\"event\":\"tool_invoked\",\"properties\":{\"Platform\":\"linux\",\"Product\":\"mobile-mcp\",\"Version\":\"0.0.59\",\"NodeVersion\":\"v20.20.2\",\"CI\":\"0\",\"AgentName\":\"mcp\",\"ToolName\":\"mobile_list_available_devices\",\"Duration\":50},\"distinct_id\":\"b204fade01d6…\"}",
      "payload_note": "Captured in the sandbox run. The distinct_id (a persistent machine identifier) and the write-only, public-by-design ingestion key are truncated above; payload_fields is the union observed across the run."
    },
    "reproduce": {
      "scanner": "canary-sandbox (open methodology; Docker backend)",
      "command": "python -m canary.cli scan <target> --backend docker   # target: npm @mobilenext/mobile-mcp@0.0.59",
      "note": "Re-run it yourself: the scanner installs the pinned version, drives the tool over MCP, and intercepts all egress."
    }
  },
  "scope_stamp": {
    "method": "declared-vs-observed",
    "subject_model": "cooperative-tool",
    "statement": "Compares the tool's declared destinations against what was observed in one sandbox run. Checks transparency / integrity for a cooperative tool, NOT resistance to deliberate evasion.",
    "out_of_scope": [
      "exfiltration split/chunked across requests",
      "tool-side encryption of the payload before egress",
      "input/time/state-triggered processing not triggered in the run"
    ],
    "interpretation": "\"honest\"/\"clean\" means \"observed without deviation within our reach\", NOT \"guaranteed no hidden egress\"."
  },
  "status": "provisional",
  "disclaimer": "AUTOMATED — forensic confirmation pending. A preliminary, fact-based flag, not a judgment that the tool is unlawful or unsafe.",
  "evidence_url": "/verdict/mobile-mcp/evidence.json",
  "content_hash": "sha256:e73da4bf33764a39b925837a1868bfe21dd8d0cdfb3d80f4bf5d25c1812f7a4c",
  "signature": "ed25519:DaE/9Sgfk6ZPvcEPKZO0aOJngmDN0QkooGE+RhPR8F+yNR86n06tWCJnN+z3uEvCaeVH1otpjKKSTRre4BzNCQ==",
  "signature_alg": "Ed25519 over content_hash",
  "public_key_url": "/pubkey.pem",
  "signed_by": "sha256:49cf8457b42a7048",
  "last_checked": "2026-06-14",
  "pin_status": "current",
  "categories": {
    "domain": "mobile",
    "data_flow": "telemetry-disclosed",
    "jurisdiction": [
      "US"
    ],
    "status": "published",
    "source": "npm"
  },
  "observations": [
    {
      "scanned_at": "2026-06-13T00:00:00Z",
      "version": "0.0.59",
      "commit": "9008f712891b39c751dfc1f5a39f1368d1e38a5f",
      "finding": "telemetry-disclosed",
      "integrity": 100,
      "evidence_coverage": 50,
      "egress_hosts": [
        "us.i.posthog.com"
      ],
      "content_hash": "sha256:e73da4bf33764a39b925837a1868bfe21dd8d0cdfb3d80f4bf5d25c1812f7a4c"
    }
  ],
  "observation_count": 1,
  "first_seen": "2026-06-13T00:00:00Z",
  "claims": [
    {
      "basis": "observed",
      "statement": "The tool sent 21 request(s) to us.i.posthog.com carrying fields: api_key, event, properties.Platform, properties.Product, properties.Version, properties.NodeVersion, properties.CI, distinct_id, properties.AgentName, properties.ToolName, properties.Duration.",
      "support": "Captured in the sandbox run (published in redacted form in the evidence artifact); re-run the scan to reproduce.",
      "confidence": "high"
    },
    {
      "basis": "classified",
      "statement": "us.i.posthog.com is classified as egress (an observability side-channel, not required for the tool's declared function).",
      "support": "Adversarially reviewed.",
      "confidence": "high"
    },
    {
      "basis": "inferred",
      "statement": "The repeated requests suggest the flow fires on launch and on each tool call.",
      "support": "21 requests in one run — an inferred pattern, not proven across launches.",
      "confidence": "medium"
    },
    {
      "basis": "classified",
      "statement": "Disclosure status: disclosed.",
      "support": "The observed endpoint us.i.posthog.com (PostHog) is named/disclosed in the tool's own docs (matched: posthog, telemetry, posthog, us).",
      "confidence": "high"
    },
    {
      "basis": "documented",
      "statement": "The tool's own docs state (quoted): collects anonymous usage telemetry via PostHog. To disable it, set the `MOBILEMCP_DISABLE_TELEMETRY` environment variable:  ```bash MOBILEMCP_DISABLE_TELEMETRY=1 npx @mobilenext/mobile-mcp@latest ```",
      "support": "npm registry readme for @mobilenext/mobile-mcp",
      "confidence": "high"
    }
  ],
  "tier": "evidence-backed",
  "schema_version": "claims-1.0"
}