registry  /  @adammcarter/use-cases  /  0.4.1

@adammcarter/use-cases@0.4.1

**Keep your AI agent's "it works" honest.**

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. A global npm install silently modifies multiple foreign AI-agent control surfaces. Subsequent agent sessions execute package-owned code or inject package-owned instructions.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
`npm install -g @adammcarter/use-cases`, or installation with `USE_CASES_INSTALL_AGENT_HOOKS` or `AGENT_HOOKS_INSTALL` enabled
Impact
Package-controlled bootstrap content is loaded into Claude, Codex, Copilot, or OpenCode sessions without a separate user configuration action.
Mechanism
postinstall persistence through user-level AI-agent hook and plugin configuration
Policy narrative
The package’s postinstall script activates automatically for global npm installs and rewrites configuration for four separate AI-agent products. Those configurations run the packaged shell hook or OpenCode plugin at future session start, causing package-controlled bootstrap instructions to be inserted into agent context. This is cross-product AI-agent control-surface persistence performed during installation, rather than an explicit user-invoked setup command.
Rationale
Source inspection confirms an install-time mutation of foreign, broad AI-agent configuration files that persists package-controlled session instructions. This meets the blocking policy despite the absence of credential theft or network exfiltration.
Evidence
package.jsonscripts/install-agent-hooks.mjshooks/session-startbootstrap/use-cases.md.opencode/plugin/use-cases.jsexamples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.py~/.claude/settings.json~/.codex/hooks.json~/.config/opencode/opencode.json~/.copilot/hooks/use-cases.json

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • `package.json` runs `scripts/install-agent-hooks.mjs` as `postinstall`.
  • Global npm installation enables hook installation without an explicit opt-in variable.
  • `scripts/install-agent-hooks.mjs` writes Claude, Codex, OpenCode, and Copilot user-level agent configuration.
  • Installed hooks execute `hooks/session-start`; OpenCode loads `.opencode/plugin/use-cases.js`, which injects package bootstrap instructions into chats.
Evidence against
  • No credential harvesting or network request code was found in inspected lifecycle and hook sources.
  • `hooks/session-start` only reads the packaged bootstrap and emits JSON context.
  • The flagged Python file is a plain pytest acceptance test, not a payload.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 146 file(s), 861 KB of source, external domains: opencode.ai, use-cases.dev

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/install-agent-hooks.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
packages/mcp/dist/index.jsView file
11try { L12: return await import("@adammcarter/use-cases-core"); L13: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

packages/mcp/dist/index.jsView on unpkg · L11
scripts/install-agent-hooks.mjsView file
1Install-time AI-agent control hijack evidence: L1: #!/usr/bin/env node L2: import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; L3: import { homedir } from "node:os"; ... L41: function writeJson(path, value) { L42: mkdirSync(dirname(path), { recursive: true }); L43: writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`, "utf8"); L44: } ... L115: const config = readJson(path, { $schema: "https://opencode.ai/config.json" }); L116: const pluginPath = resolve(packageRoot, ".opencode/plugin/use-cases.js"); L117: const plugins = (Array.isArray(config.plugin) ? config.plugin : []).filter((entry) => { L118: const value = Array.isArray(entry) ? entry[0] : entry; L119: return typeof value !== "string" || !value.endsWith("/.opencode/plugin/use-cases.js"); Payload evidence from .mcp.json: L1: { L2: "mcpServers": {
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

scripts/install-agent-hooks.mjsView on unpkg · L1
examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.pyView file
path = examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.py kind = payload_in_excluded_dir sizeBytes = 843 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.pyView on unpkg
path = examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.py kind = build_helper sizeBytes = 843 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.pyView on unpkg
packages/core/dist/markers/cli/verify.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @adammcarter/use-cases@0.3.0 matchedIdentity = npm:QGFkYW1tY2FydGVyL3VzZS1jYXNlcw:0.3.0 similarity = 0.917 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

packages/core/dist/markers/cli/verify.jsView on unpkg

Findings

1 Critical3 High4 Medium4 Low
CriticalAi Agent Control Hijackscripts/install-agent-hooks.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighPayload In Excluded Direxamples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.py
HighPrevious Version Dangerous Deltapackages/core/dist/markers/cli/verify.js
MediumDynamic Requirepackages/mcp/dist/index.js
MediumEnvironment Vars
MediumShips Build Helperexamples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings