Is stefanogebara/restaurant-ai-mcp safe to install?

stefanogebara/restaurant-ai-mcp was flagged as CRITICAL RISK (risk score 3846) with 385 findings detected across 921 files. Review the findings before installing.

What security issues were found in stefanogebara/restaurant-ai-mcp?

Sigil detected 385 findings in stefanogebara/restaurant-ai-mcp, including patterns related to provenance, network_exfil, install_hooks, code_patterns, obfuscation. See the full scan report for details.

Scans/github/stefanogebara/restaurant-ai-mcp

stefanogebara/restaurant-ai-mcp

github

Summary

stefanogebara/restaurant-ai-mcp v2026-03-22 was classified as CRITICAL RISK with a risk score of 3846. Sigil detected 385 findings across 921 files, covering phases including provenance, network exfiltration, install hooks, code patterns, obfuscation. Review the findings below before installing this package.

Package description: AI Restaurant Phone Receptionist MCP Server - Handles reservations via ElevenLabs voice agent

CRITICAL RISK(3846)

v2026-03-22

22 March 2026, 23:35 UTC

by Sigil Bot

Risk Score

3846

Findings

385

Files Scanned

921

Provenance

Registry

https://github.com/stefanogebara/restaurant-ai-mcp

Repository

https://github.com/stefanogebara/restaurant-ai-mcp

Scanned From

https://github.com/stefanogebara/restaurant-ai-mcp.git

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

repo/client/public/js/convai-widget-embed.js:36

`).filter(a=>a.trim()!=="a=extmap-allow-mixed").join(`
`);e.RTCSessionDescription&&r instanceof e.RTCSessionDescription?arguments[0]=new e.RTCSessionDescription({type:r.type,sdp:s}):r.sdp=s}return n.apply(this,arguments)}}function Nc(e,t){if(!(e.RTCPeerConnection&&e.RTCPeerConnection.prototype))return;const n=e.RTCPeerConnection.prototype.addIceCandidate;!n||n.length===0||(e.RTCPeerConnection.prototype.addIceCandidate=function(){return arguments[0]?(t.browser==="chrome"&&t.version<78||t.browser=

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/github/stefanogebara/restaurant-ai-mcp)](https://sigilsec.ai/scans/8D8559C3-C1BE-49B9-864E-12A690B5D20A)

HTML

<a href="https://sigilsec.ai/scans/8D8559C3-C1BE-49B9-864E-12A690B5D20A"><img src="https://sigilsec.ai/badge/github/stefanogebara/restaurant-ai-mcp" alt="Sigil Scan"></a>

Run This Scan Yourself