AI Security Review
scanned 1h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a development configuration CLI whose project mutations require explicit commands.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the `config` CLI, such as `config prepare` or `config linkRemote`.
Impact
May intentionally modify the invoking project's config files and dependencies; no unconsented install-time behavior is present.
Mechanism
Explicit development-tool configuration, linking, formatting, and dependency maintenance.
Rationale
Source inspection shows an explicitly invoked development CLI with package-aligned project configuration actions. Although it can execute package-manager commands and edit project files, there is no install-time execution, credential theft, exfiltration, stealth persistence, or concrete malicious chain.
Evidence
package.jsonsrc/index.tssrc/vscode-config.tssrc/manage-overrides.tssrc/linking/link-remote.tssrc/vanilla-extract/patch-vanilla-extract.ts.oxfmtrc.json.vscode/extensions.json.vscode/settings.jsonnode_modules/@vanilla-extract/integration/dist/*.jsnode_modules/*/package.json
Network endpoints1
github.com/${org}/${repo}.git
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- `prepare` explicitly rewrites project config and installed Vanilla Extract files.
- `setupOverrides` invokes `bun install` after updating project `package.json`.
- `linkRemote` can clone package-aligned GitHub sibling repositories when explicitly invoked.
Evidence against
- `package.json` has only `prepublishOnly`; no npm install lifecycle hook.
- CLI actions run only after a user invokes the `config` binary and selects a command.
- No credential harvesting, secret reads, exfiltration, eval, or remote payload loading found.
- Network use is limited to explicit GitHub clone URLs in `linkRemote`.
- VS Code writes are standard `.vscode/extensions.json` and `.vscode/settings.json`, not AI-agent controls.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
UrlStrings
NoLicense
Source & flagged code
4 flagged · loading sourcesrc/vscode-config.tsView file
1import { execSync } from "node:child_process"
L2: import fs from "node:fs/promises"
High
Child Process
Package source references child process execution.
src/vscode-config.tsView on unpkg · L1121console.info(`Written: ${settingsPath}`)
L122: execSync("bunx oxfmt", { cwd: vscodeDir, stdio: `inherit` })
L123: }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/vscode-config.tsView on unpkg · L121src/index.tsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @10stars/config@17.0.5
matchedIdentity = npm:QDEwc3RhcnMvY29uZmln:17.0.5
similarity = 0.778
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/index.tsView on unpkg33const getConfig = async (): Promise<Config | null> =>
L34: import(path.join(cwd, `10stars.config`)).catch(() => null)
L35:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/index.tsView on unpkg · L33Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltasrc/index.ts
HighChild Processsrc/vscode-config.ts
HighShell
HighRuntime Package Installsrc/vscode-config.ts
MediumDynamic Requiresrc/index.ts
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License