AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. This is a Bun development CLI with user-invoked project setup, linting, linking, and process-management commands.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit invocation of config subcommands such as prepare, linkRemote, run, or killPort.
Impact
May modify the caller's project files/node_modules or execute user-supplied commands, but no unconsented install-time behavior is present.
Mechanism
User-directed local file changes, subprocesses, and optional GitHub sibling clones.
Rationale
Static hints reflect explicit developer CLI capabilities rather than covert package behavior. The manifest has no install hook, and inspected source shows no exfiltration, stealth persistence, or unconsented AI-agent control-surface mutation.
Evidence
package.jsonsrc/index.tssrc/link-remote.tssrc/vscode-config.tssrc/link-packages.tssrc/vanilla-extract/patch-vanilla-extract.ts.oxfmtrc.json.vscode/extensions.json.vscode/settings.jsonnode_modules@vanilla-extract/integration/dist/*.js
Network endpoints1
github.com/${getOrg()}/${repo}.git
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly; no install lifecycle hook.
- src/index.ts dispatches behavior only after an explicit CLI command.
- src/link-remote.ts uses GitHub URLs solely for explicit linkRemote sibling cloning.
- src/vscode-config.ts writes project-local .vscode configuration, not agent controls.
- No credential harvesting, exfiltration, remote payload execution, or hidden binaries found.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
UrlStrings
NoLicense
Source & flagged code
4 flagged · loading sourcesrc/vscode-config.tsView file
1import { execSync } from "node:child_process"
L2: import fs from "node:fs/promises"
High
Child Process
Package source references child process execution.
src/vscode-config.tsView on unpkg · L1121console.info(`Written: ${settingsPath}`)
L122: execSync("bunx oxfmt", { cwd: vscodeDir, stdio: `inherit` })
L123: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/vscode-config.tsView on unpkg · L121src/link-remote.tsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @10stars/config@17.0.4
matchedIdentity = npm:QDEwc3RhcnMvY29uZmln:17.0.4
similarity = 0.889
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/link-remote.tsView on unpkg85const getConfig = async (cwd: string): Promise<Config | null> =>
L86: import(path.join(cwd, `10stars.config`)).catch(() => null)
L87:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/link-remote.tsView on unpkg · L85Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltasrc/link-remote.ts
HighChild Processsrc/vscode-config.ts
HighShell
HighRuntime Package Installsrc/vscode-config.ts
MediumDynamic Requiresrc/link-remote.ts
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License