agentphone

Warn

Audited by Socket on Apr 21, 2026

1 alert found:

Anomaly: LOW
.mcp.json

This configuration does not itself implement malware, but it creates a significant supply-chain execution pathway by using npx (-y) to download and run an external npm package at runtime. AGENTPHONE_BASE_URL and AGENTPHONE_API_KEY are passed to that dependency, implying authenticated network activity. The risk depends entirely on the trustworthiness and integrity of agentphone-mcp@0.2.0 and its transitive dependencies; mitigate by pre-installing from a locked/integrity-pinned source and reviewing the dependency's code and behavior.

Confidence: 62%
Severity: 62%

Audit Metadata
Analyzed At: Apr 21, 2026, 04:18 AM
Package URL: pkg:socket/skills-sh/agentphone-ai%2Fskills%2Fagentphone%2F@b6fb8055166716664c4673105889b24c04c5187b