registry  /  @astroblocks/astro-blocks  /  3.3.0

@astroblocks/astro-blocks@3.3.0

Block-based content CMS integration for Astro with admin panel, page builder, menus, SEO and cache invalidation.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `astro-blocks init-ai` (optionally with `--copy` or `--file`).
Impact
Can influence coding agents that subsequently read the modified project instruction file.
Mechanism
Explicit AI-agent context file append/create.
Rationale
This is not concrete malware, but the explicit CLI can mutate consumer AI-agent instruction files. Per policy, that warrants a warning rather than a block.
Evidence
package.jsondist/plugin/cli/index.jsdist/plugin/cli/init-ai.jsdist/plugin/index.jsdist/routes/api/catchall.jsdist/api/handlers.jsAGENTS.consumer.mdAGENTS.mdCLAUDE.md.astro-blocks/runtime.mjs.astro-blocks/schema-map.mjs

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `astro-blocks init-ai` explicitly edits consumer `AGENTS.md` or `CLAUDE.md`.
  • `--file` permits an explicit alternate target path.
  • Default mode appends a dependency AI-context link; `--copy` embeds package context.
Evidence against
  • `package.json` has no preinstall/install/postinstall/prepare lifecycle hook.
  • AI-context write occurs only after explicit CLI invocation.
  • No child-process execution, credential harvesting, or outbound package network endpoint found.
  • Dynamic imports load generated local `.astro-blocks` runtime/schema files.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 54 file(s), 572 KB of source, external domains: www.sitemaps.org, www.w3.org

Source & flagged code

1 flagged · loading source
dist/api/handlers.jsView file
490const schemaMapUrl = pathToFileURL(schemaMapPath).href; L491: const mod = (await import(/* @vite-ignore */ schemaMapUrl)); L492: const schemaMap = mod.schemaMap || {};
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/api/handlers.jsView on unpkg · L490

Findings

3 Medium4 Low
MediumDynamic Requiredist/api/handlers.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings