registry  /  @agentskit/doc-bridge  /  1.1.1

@agentskit/doc-bridge@1.1.1

Human↔agent documentation bridge — deterministic handoffs, doc-site links, memory→docs, optional AgentsKit RAG/chat.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `ak-docs mcp install --cursor` or `ak-docs mcp install --claude`.
Impact
Adds an `ak-docs` MCP server entry that can launch `npx ak-docs mcp` for the project.
Mechanism
Explicit AI-agent MCP configuration mutation
Rationale
Source inspection confirms an explicit-user-command AI-agent configuration mutation, which warrants a warning under the stated policy. No concrete malicious behavior was found.
Evidence
package.jsonscripts/prepare.mjssrc/cli/program.tssrc/mcp/install.tssrc/mcp/server.tssrc/intelligence/peers.tssrc/federation/llms.tssrc/memory/github-pr.ts.cursor/mcp.json~/Library/Application Support/Claude/claude_desktop_config.json

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/mcp/install.ts` writes MCP configuration for Cursor or Claude Desktop.
  • `src/cli/program.ts` exposes this only through explicit `ak-docs mcp install --cursor|--claude`.
  • Claude target is `~/Library/Application Support/Claude/claude_desktop_config.json`; Cursor target is project `.cursor/mcp.json`.
  • Configured server runs `npx ak-docs mcp` in the selected project.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; `prepare` only builds missing `dist`.
  • `src/mcp/install.ts` performs no network, credential, or environment harvesting.
  • `src/mcp/server.ts` exposes local documentation tools and blocks `doc.get` paths escaping the project root.
  • Dynamic imports in `src/intelligence/peers.ts` are named optional AgentsKit peers, not remote payload loading.
  • Network fetches are user-configured federation reads or a manually invoked upstream-check script.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 69 file(s), 627 KB of source, external domains: 127.0.0.1, agentskit-io.github.io, agentskit.io, github.com, img.shields.io, json-schema.org, playbook.agentskit.io, raw.githubusercontent.com, www.npmjs.com

Source & flagged code

1 flagged · loading source
dist/index.jsView file
3978try { L3979: return await import(name); L3980: } catch (error) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L3978

Findings

4 Medium5 Low
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings