registry  /  @andespindola/brainlink  /  1.2.0

@andespindola/brainlink@1.2.0

Local-first knowledge memory for agents with Markdown, backlinks, indexing and context retrieval.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `brainlink agent install`, `brainlink agent upgrade`, or `brainlink quickstart` without `--no-install-agent`.
Impact
Configures Brainlink as an MCP memory integration; no install-time execution or exfiltration was found.
Mechanism
explicit Brainlink MCP/plugin setup plus optional runtime update check
Rationale
Static inspection found no lifecycle hook, hidden import-time payload, credential theft, or exfiltration; risky primitives are user-invoked and aligned with a local-first Markdown/MCP memory CLI. Because it explicitly mutates an AI-agent config surface on user command, treat as a warning rather than a publish block.
Evidence
package.jsondist/cli/main.jsdist/application/check-package-update.jsdist/cli/commands/agent-commands.jsdist/cli/commands/write/vault-lifecycle-commands.jsdist/domain/embeddings.jsdist/application/vault-git-core.jsdist/mcp/server.js~/.codex/config.toml~/.agents/plugins/marketplace.json~/plugins/brainlink~/.brainlink/update-check.json
Network endpoints3
registry.npmjs.orgapi.openai.com/v1127.0.0.1:11434

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/cli/commands/agent-commands.js explicit `agent install` writes Brainlink MCP config to ~/.codex/config.toml
  • dist/cli/commands/agent-commands.js can add local Brainlink plugin symlink and marketplace entry under user home
  • dist/cli/commands/write/vault-lifecycle-commands.js `quickstart` defaults to running agent integration unless --no-install-agent
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • dist/cli/main.js only runs after CLI invocation; update check is non-blocking and configurable
  • dist/application/check-package-update.js contacts npm registry only for latest version metadata and caches locally
  • dist/application/vault-git-core.js uses execFile for git and rejects inline credential remotes
  • dist/mcp/server.js exposes package-aligned local memory/vault tools, not hidden exfiltration
  • No credential harvesting, remote payload loading, destructive install-time behavior, or broad unconsented mutation found
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 131 file(s), 745 KB of source, external domains: 127.0.0.1, api.openai.com, registry.npmjs.org

Source & flagged code

3 flagged · loading source
dist/cli/commands/agent-commands.jsView file
Published source reference
Medium
Ai Review Evidence

dist/cli/commands/agent-commands.js explicit `agent install` writes Brainlink MCP config to ~/.codex/config.toml

dist/cli/commands/agent-commands.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

dist/cli/commands/agent-commands.js can add local Brainlink plugin symlink and marketplace entry under user home

dist/cli/commands/agent-commands.jsView on unpkg
dist/cli/commands/write/vault-lifecycle-commands.jsView file
Published source reference
Medium
Suspicious Lifecycle Evidence

dist/cli/commands/write/vault-lifecycle-commands.js `quickstart` defaults to running agent integration unless --no-install-agent

dist/cli/commands/write/vault-lifecycle-commands.jsView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/cli/commands/agent-commands.js
MediumAi Review Evidencedist/cli/commands/agent-commands.js
MediumSuspicious Lifecycle Evidencedist/cli/commands/write/vault-lifecycle-commands.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings