registry  /  @astroblocks/astro-blocks  /  3.6.0

@astroblocks/astro-blocks@3.6.0

Block-based content CMS integration for Astro with admin panel, page builder, menus, SEO and cache invalidation.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `astro-blocks init-ai` (optionally with `--copy` or `--file`).
Impact
Can influence future AI-agent behavior in that project through user-requested configuration mutation.
Mechanism
Appends package AI-context reference or copied content to agent instruction files.
Rationale
Source inspection confirms an explicit-user AI configuration mutation, which warrants a warning under the stated policy. It is not malicious because there is no install-time trigger or concrete harmful chain.
Evidence
package.jsondist/plugin/cli/index.jsdist/plugin/cli/init-ai.jsAGENTS.consumer.mddist/plugin/index.jsdist/utils/paths.jsAGENTS.mdCLAUDE.md.astro-blocks/runtime.mjs.astro-blocks/schema-map.mjs

Decision evidence

public snapshot
AI called this Suspicious at 96.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `astro-blocks init-ai` explicitly appends AI context to consumer `AGENTS.md` or `CLAUDE.md`.
  • `--file` lets the explicit CLI action select a caller-supplied target path.
  • Copy mode reads and embeds `AGENTS.consumer.md` into the selected agent-instruction file.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
  • CLI wiring exposes the mutation only through the user-invoked `init-ai` subcommand.
  • `AGENTS.consumer.md` contains package integration documentation, not credential collection or instruction-bypass content.
  • No child-process execution, eval/vm use, remote payload loading, or external network endpoint was found.
  • Runtime file writes generate package-owned `.astro-blocks` artifacts; upload handling uses contained project paths.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 79 file(s), 662 KB of source, external domains: www.sitemaps.org, www.w3.org

Source & flagged code

2 flagged · loading source
dist/api/manifest.jsView file
8import { DATA_SCHEMA_VERSION } from './schema-version.js'; L9: const require = createRequire(import.meta.url); L10: /**
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/api/manifest.jsView on unpkg · L8
dist/routes/uploads-get.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @astroblocks/astro-blocks@3.4.0 matchedIdentity = npm:[redacted]:3.4.0 similarity = 0.385 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/routes/uploads-get.jsView on unpkg

Findings

1 High3 Medium4 Low
HighPrevious Version Dangerous Deltadist/routes/uploads-get.js
MediumDynamic Requiredist/api/manifest.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings