bnbchain-mcp
Audited by Socket on Mar 4, 2026
1 alert found:
Obfuscated File
This fragment is documentation for operating the bnbchain-mcp tool and is not itself executable source code. It accurately describes capabilities and contains helpful safety reminders (do not log PRIVATE_KEY, confirm transactions, require explicit network for writes). The primary security concerns are supply-chain risk from unpinned runtime installs (npx @bnb-chain/mcp@latest) and credential risk from placing PRIVATE_KEY into a spawned third-party process. No explicit malicious code, exfiltration endpoints, or obfuscated logic are present in the fragment. Mitigations: pin package versions, verify integrity/signatures, prefer remote/HSM/wallet signing or ephemeral keys, and ensure client enforces manual confirmation for all state-changing actions. Overall, not evidently malicious, but medium operational security risk if used with long-term private keys and unpinned installs.