byted-bytehouse-mcp
Audited by Socket on Mar 16, 2026
3 alerts found:
Alert types: Anomaly, Obfuscated File (x2)
This script itself is a benign test harness, but it creates a moderate to high supply-chain and credential-exposure risk because it spawns a local helper binary and instructs it to fetch and run code directly from a remote GitHub repository while forwarding the full environment (including BYTEHOUSE_* credentials). There is no obfuscation or clear in-script malware, but running this script on a host where '/root/.local/bin/uvx' or the referenced repo is untrusted would allow arbitrary code execution and possible secret exfiltration. Recommend validating and pinning the remote code, ensuring uvx binary provenance, and not forwarding sensitive environment vars to untrusted processes.
The file itself contains no direct malicious code, but it creates a meaningful supply-chain and data-exfiltration attack surface by executing a hard-coded external binary and forwarding the entire environment, while passing an argument that can cause the external process to fetch remote code. Treat this module as a moderate security risk: safe only if the external binary and referenced repository are trusted and environment forwarding is restricted or sanitized.
The inspected Python file is a test client that itself is not obfuscated and contains no direct hardcoded credentials or explicit malicious payload. However, it launches an external binary at a hardcoded path and passes arguments that point to remote repository code while forwarding the entire environment. This creates a significant supply-chain and execution risk: the invoked subprocess (or any remote code it fetches) can execute arbitrary actions with the user's privileges and access inherited secrets via environment variables. The direct malware probability in this file is low, but the operational security risk is moderate-to-high unless the uvx binary and fetched code are verified and the subprocess is run with reduced privileges and a minimized environment.