@agentgrit/core@0.1.1

Self-learning engine that makes AI coding agents improve over time

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `agentgrit init --bootstrap`, `agentgrit rules promote`, or `agentgrit daemon start/run`.
Impact
Can cause future Claude Code sessions to run agentgrit capture commands and can alter agent instructions with generated rules.
Mechanism
Explicit CLI setup of Claude Code hooks, CLAUDE.md rules, a scheduler, and LLM/Langfuse sync.
Rationale
Source inspection shows guarded, explicit agent-extension behavior with real control-surface impact, so a warn is appropriate; there is no evidence of unconsented install-time mutation, credential theft, destructive behavior, or remote payload execution.
Evidence
  • package.json
  • dist/agentgrit.js
  • agentgrit.config.ts
  • rubrics/starter.json
  • README.md
  • ~/.claude/settings.json
  • ~/.claude/CLAUDE.md
  • ~/.agentgrit/config.json
  • ~/.agentgrit/signals/*.jsonl
  • ~/.agentgrit/state/knowledge-graph.json
  • ~/Library/LaunchAgents/com.agentgrit.daemon.plist
  • ~/.config/systemd/user/com.agentgrit.daemon.service
  • ~/.config/systemd/user/com.agentgrit.daemon.timer
Network endpoints (5)
  • api.openai.com/v1/chat/completions
  • api.anthropic.com/v1/messages
  • generativelanguage.googleapis.com/v1beta/models/
  • us.cloud.langfuse.com/api/public/traces
  • us.cloud.langfuse.com/api/public/ingestion

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/agentgrit.js: kt() adds Claude Code hooks to ~/.claude/settings.json for explicit `agentgrit init --bootstrap`.
  • dist/agentgrit.js: Dt()/promote path can append generated rules to ~/.claude/CLAUDE.md.
  • dist/agentgrit.js: daemon start installs LaunchAgent/systemd user scheduler files on explicit command.
  • dist/agentgrit.js: configured judge/Langfuse features use fetch to OpenAI, Anthropic, Gemini, and Langfuse endpoints with user-provided keys.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepublishOnly build.
  • dist/agentgrit.js dispatches commands from process.argv; no hidden install-time execution observed.
  • Network calls are aligned with documented LLM judging/Langfuse sync features and require configured credentials.
  • No credential harvesting, destructive deletion, remote payload loading, eval, or child_process execution found in inspected source.
Behavioral surface
  • Source: Environment Vars, Filesystem, Network
  • Supply chain: High Entropy Strings, URL Strings
  • Manifest: Wildcard Dependency
scanned 2 file(s), 76.1 KB of source, external domains: api.anthropic.com, api.openai.com, us.cloud.langfuse.com, www.apple.com
Note that this domain list omits generativelanguage.googleapis.com, which the endpoint list above includes, and adds www.apple.com, which matches no listed endpoint; the latter is most likely the PropertyList DTD URL embedded in the LaunchAgent plist template rather than a network call, but both should be verified against the full bundle rather than this summary.

Source & flagged code

1 flagged
dist/agentgrit.js
Excerpts from the minified bundle (line numbers are the bundle's own; each excerpt is truncated as shown):
  L3: `,r=o+".tmp."+process.pid;dn(r,"");let e=nn(o)?so(o,"utf-8"):"";dn(r,e+i);try{co(r,o)}catch{try{ui(r)}catch{}throw Error(`Failed to atomically write signal to ${o}`)}}async functio...
  L4: `).filter((l)=>l.trim()),r=n?.offset??0,e=n?.limit!==void 0?r+n.limit:i.length,s=i.slice(r,e),c=[];for(let l of s)try{c.push(JSON.parse(l))}catch{}return c}async function on(o,n){i...
  L5: `),i=n.dimensions.map((r)=>`"${r.name}": { "score": N, "reasoning": "..." }`).join(", ");return`You are evaluating the quality of AI-generated output. ...
  L15: Return ONLY valid JSON:
  L16: {${i}}`}function wo(o,n){return!o?"(empty)":o.length>n?o.slice(0,n)+"...":o}async function Li(o,n){let t={"Content-Type":"application/json"},i,r;if(n.provider==="openai"){if(!n.api...
  L17: `)+(o.length>0?` ...
  L67: WantedBy=timers.target
  L68: `}async function nt(o){let n=process.platform;if(n==="darwin"){let t=Ho();if(!W(t))Po(t,{recursive:!0});let i=Gr(o);xn(Xn(),i)}else if(n==="linux"){let t=En();if(!W(t))Po(t,{recurs...
  L69: `);return}console.log(` Running one daemon cycle... ...
  L92: `)}R();import{existsSync as E,readFileSync as $n,readdirSync as Xr,writeFileSync as Er}from"fs";import{join as P}from"path";async functio
Low · Weak Crypto

Package source references weak cryptographic algorithms.

dist/agentgrit.js, bundle line 3
The visible part of bundle line 3 is the signal-file writer (a temp file named from process.pid, then a rename into place); the weak-algorithm reference itself falls outside the truncated excerpt, so confirm in the full file which algorithm is used and what it protects. A short hash used as a dedup or cache key is a much smaller concern than one used for integrity, authentication, or anything an attacker could benefit from colliding.

Findings

3 Medium, 6 Low
  • Medium: Network
  • Medium: Environment Vars
  • Medium: Wildcard Dependency
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Weak Crypto (dist/agentgrit.js)
  • Low: Filesystem
  • Low: High Entropy Strings
  • Low: URL Strings