Israeli Bank Scrapers

Provide scrapers for all major Israeli banks and credit card companies

eshahambrowser-webTypeScriptMIT
GitHub
0Tools
6Findings
782Stars
Mar 22, 2026Last Scanned
5 high · 1 low findings detected

Findings6

5high
1low

High5

highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "lodash@4.17.10" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "moment@2.22.2" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "node-fetch@2.2.0" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
highD1Known CVEs in DependenciesMCP08-dependency-vuln
Dependency "minimist@1.2.5" has known CVEs:
Update dependencies to versions that patch known CVEs. Run 'npm audit fix' or 'pip-audit' to identify and resolve vulnerable dependencies.
highK19Missing Runtime Sandbox EnforcementMCP07-insecure-configAML.T0054
Pattern "(run[_\s-]?as[_\s-]?root|EUID.*0|uid.*0)(?!.*(?:drop|setuid|seteuid|change.?user))" matched in source_code: "uid": "^9.0" (at position 2933)
Run MCP servers in sandboxed containers with: (1) No --privileged flag, (2) Minimal Linux capabilities (drop ALL, add only needed), (3) Read-only root filesystem, (4) Non-root user, (5) Seccomp/AppArmor profiles enabled, (6) No host mounts except data volumes. CoSAI warns containers alone are insufficient — add seccomp profiles. Required by CoSAI MCP-T8 and ISO 27001 A.8.22.

Low1

lowF4MCP Spec Non-ComplianceMCP07-insecure-config
Server fails MCP spec compliance checks: required:server_name; required:server_version; required:protocol_version; recommended:tool_descriptions; recommended:parameter_descriptions
Follow the MCP specification for server metadata. Include server name, version, and protocol version. Provide descriptions for all tools and parameters.

Security Category Deep Dive

Sub-Category Tree · Remediation Roadmap · Attack Stories · Compliance Overlay · ATLAS Techniques · Maturity Model

Prompt Injection
Prompt & context manipulation attacks
69
Maturity
14
Rules
5
Sub-Categories
1
Gaps
64%
Implemented
56
Tests
1
Stories
PI-DIRDirect Input Injection
100%3 rules
Injection via tool descriptions and parameter fields
GAP-001Prompt Injection Coverage GapMissing detection coverage for emerging prompt injection attack variants not addressed by current rules
PI-INDIndirect / Gateway Injection
100%4 rules
Hidden instructions via external content and tool responses
PI-CTXContext Manipulation
100%2 rules
Context window saturation and prior-approval exploitation
PI-ENCEncoding & Obfuscation
100%3 rules
Payload hiding via invisible chars, base64, schema fields
PI-TPLTemplate & Output Poisoning
100%2 rules
Injection via prompt templates and runtime tool output
Framework Coverage
OWASP MCP Top 1014/14
MITRE ATLAS14/14
CoSAI MCP2/14
OWASP Agentic Top 1012/14
Kill Chain Phases
0Initial Access
0Defense Evasion
0Execution
0Persistence