Is github.com/nirholas/free-crypto-news safe?

prompt injection

Hidden HTML element contains AI-targeting instructions

brand impersonation

The repository advertises an MCP server package as '@anthropic-ai/mcp-server-crypto-news', claiming it is published under Anthropic's official npm namespace (@anthropic-ai). This is a third-party project by user 'nirholas' — not Anthropic. The @anthropic-ai npm scope belongs to Anthropic PBC. Publishing or promoting a package under this namespace falsely implies official Anthropic authorship, constituting brand impersonation and a potential supply chain attack vector against users who run 'npx @anthropic-ai/mcp-server-crypto-news'. (location: page.html:1381, page.html:1400, page.html:1406 — README mcp_server metadata table and MCP install heading)

social engineering

The repository contains files named AGENTS.md and CLAUDE.md, which are standard instruction files consumed by AI coding agents (Claude Code, Codex, etc.) when they autonomously work on a codebase. The project explicitly targets AI agents as consumers ('AI/LLM ready', '7 pre-built AI agent skills compatible with Claude Code and Codex', skills in /skills/ loaded by AI coding agents for autonomous development tasks). This creates a surface for embedding instructions that manipulate AI agent behavior when the repo is cloned or analyzed by automated agents. (location: page-text.txt:937 (AGENTS.md, CLAUDE.md in repo tree), page-text.txt:4144-4184 (AI Agent Skills section))

hidden content

The README contains multiple massive blocks of thousands of densely packed SEO keyword lists (hundreds of comma-separated terms per paragraph) embedded deep in the document — sections titled 'Technology Stack Keywords', 'Emerging Technology Keywords', 'Business & Enterprise Keywords', 'Geographic & Localization Keywords', 'Extended Discovery & Registry Terms', 'AI & Machine Learning Extended Keywords', 'Web3 & Crypto Extended Keywords', 'Search Query Keywords', 'Alternative Spellings & Variations', etc. These blocks are not part of any functional documentation and appear designed to manipulate search engine indexing and AI training data ingestion, invisible to casual readers. (location: page.html:8820-8856 and surrounding lines — bottom of README, multiple extended keyword sections)

social engineering

The repository encourages users to configure sensitive API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY) as environment variables for use with the service hosted at cryptocurrency.cv, a third-party domain with unknown ownership and no verifiable trust chain. Users who self-host or integrate the service may inadvertently expose their AI provider credentials to the operator of cryptocurrency.cv. The framing ('FREE at console.groq.com/keys', 'Translation is auto-enabled when GROQ_API_KEY is set') normalizes adding credentials to third-party-controlled deployments. (location: page-text.txt:2203-2204 (GROQ_API_KEY section), page-text.txt:2469-2471 (Supported AI Providers listing OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY))

brand impersonation

The repository metadata table lists 'mcp_server' as '@anthropic-ai/mcp-server-crypto-news' and links to npmjs.com/package/@anthropic-ai/mcp-server-crypto-news, visually framing this third-party crypto news tool as an official Anthropic product. The README also prominently features Anthropic branding (Claude, ANTHROPIC_API_KEY) alongside this package name to reinforce the false impression of official affiliation. (location: page.html:1373-1382 (llms_txt and mcp_server metadata table rows))

hidden content

The Tier 2 pre-scan detected 12 suspicious base64 blobs. Inspection reveals these are GitHub's standard camo.githubusercontent.com base64-encoded image proxy URLs for badge images (shields.io badges). These are a false positive in the context of a legitimate GitHub repository page — they represent no actual threat. (location: page.html — camo.githubusercontent.com image src attributes in README badge section (lines ~1389-1400))