registry  /  @7n/rules  /  1.5.0

@7n/rules@1.5.0

CLI еталонних правил і skills (префікс n-): синк у репозиторій, дельта-lint, конформність

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `npx @7n/rules` synchronization modifies project AI-agent configuration and installs package-owned hook scripts. Explicit skill commands can start ACP agents with automatically selected permissions. No install-time execution is present.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `npx @7n/rules` or an `n-rules skill <runner>` command.
Impact
Can alter `.claude`/`.cursor` hook behavior and allow an invoked external agent to operate in the selected project.
Mechanism
User-invoked agent configuration sync and full-trust ACP skill runner.
Rationale
Source inspection confirms powerful project-agent setup and agent execution, but not concrete malicious behavior. Treat as a warning for first-party, user-invoked agent extension lifecycle risk rather than an upstream block.
Evidence
package.jsonbin/n-rules.jsscripts/sync-claude-config.mjsscripts/lib/acp-runner.mjsscripts/lib/resolve-plugins.mjs.claude-template/hooks/normalize-decisions.sh.claude/settings.json.claude/hooks/capture-decisions.sh.claude/hooks/normalize-decisions.sh.cursor/hooks.json.pi/skillsnode_modules/@7n/rules-ci-githubnode_modules/@7n/rules-ci-azure

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/n-rules.js` default sync writes project agent files.
  • `scripts/sync-claude-config.mjs` installs executable Claude hook scripts.
  • `scripts/lib/acp-runner.mjs` auto-approves ACP agent permissions.
  • `scripts/lib/resolve-plugins.mjs` can run `bun add -d` for detected plugins.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hooks.
  • Agent mutations require explicit CLI execution, not package installation.
  • Source names and documents the managed `.claude`, `.cursor`, and `.pi` files.
  • No confirmed credential harvesting, hidden payload execution, or arbitrary exfiltration found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 270 file(s), 1.93 MB of source, external domains: api.github.com, blueoakcouncil.org, brew.sh, bun.com, datreeio.github.io, git.io, github.com, json.schemastore.org, kubernetes.io, pypi.org, raw.githubusercontent.com, registry.npmjs.org, scoop.sh, unpkg.com

Source & flagged code

7 flagged · loading source
bin/n-rules.jsView file
62L63: import { spawnSync } from 'node:child_process' L64: import { existsSync } from 'node:fs'
High
Child Process

Package source references child process execution.

bin/n-rules.jsView on unpkg · L62
scripts/skills-cli.mjsView file
56// і не бачить runtime-змін `process.env.PATH` (та сама причина, що в resolve-cmd.mjs). L57: const probe = spawnSync('command', ['-v', name], { shell: true, encoding: 'utf8', env: process.env }) L58: return probe.status === 0
High
Shell

Package source references shell execution.

scripts/skills-cli.mjsView on unpkg · L56
scripts/smoke-check-imports.mjsView file
49// eslint-disable-next-line no-unsanitized/method L50: await import(pathToFileURL(abs).href) L51: } catch (error) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/smoke-check-imports.mjsView on unpkg · L49
scripts/lib/resolve-plugins.mjsView file
9* L10: * Установка: `ensurePluginInstalled` — плагін стає devDependency через `bun add -d` (bun сам L11: * резолвить актуальну версію; зміна видима у diff package.json). Фейл установки (offline, ... L21: import { existsSync, readdirSync, readFileSync } from 'node:fs' L22: import { spawnSync } from 'node:child_process' L23: import { join, resolve } from 'node:path'
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/lib/resolve-plugins.mjsView on unpkg · L9
.claude-template/hooks/normalize-decisions.shView file
path = .claude-template/hooks/normalize-decisions.sh kind = payload_in_excluded_dir sizeBytes = 24519 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

.claude-template/hooks/normalize-decisions.shView on unpkg
path = .claude-template/hooks/normalize-decisions.sh kind = build_helper sizeBytes = 24519 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

.claude-template/hooks/normalize-decisions.shView on unpkg
scripts/lib/acp-runner.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @7n/rules@1.3.1 matchedIdentity = npm:QDduL3J1bGVz:1.3.1 similarity = 0.950 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/lib/acp-runner.mjsView on unpkg

Findings

1 Critical4 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltascripts/lib/acp-runner.mjs
HighChild Processbin/n-rules.js
HighShellscripts/skills-cli.mjs
HighRuntime Package Installscripts/lib/resolve-plugins.mjs
HighPayload In Excluded Dir.claude-template/hooks/normalize-decisions.sh
MediumDynamic Requirescripts/smoke-check-imports.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helper.claude-template/hooks/normalize-decisions.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings