registry  /  @autonoma-ai/planner  /  0.1.14

@autonoma-ai/planner@0.1.14

Autonoma test planner — generate E2E test cases for any frontend codebase.

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a user-invoked E2E test planner CLI with AI, analytics, local output files, and optional Autonoma artifact upload.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs autonoma-planner CLI
Impact
Expected project inspection and generated test artifacts; no install-time execution or credential harvesting beyond documented configuration use.
Mechanism
AI-assisted codebase analysis with local artifact generation and optional upload
Rationale
Static inspection shows potentially sensitive primitives are aligned with the CLI's declared planner workflow and require explicit runtime use/configuration. There is no lifecycle execution, hidden exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface mutation.
Evidence
package.jsonREADME.mddist/index.js~/.autonoma/.device-id~/.autonoma/.env~/.autonoma/<projectSlug>/.project-context.json~/.autonoma/<projectSlug>/.pipeline-state.json~/.autonoma/<projectSlug>/AUTONOMA.md~/.autonoma/<projectSlug>/entity-audit.md~/.autonoma/<projectSlug>/scenarios.md~/.autonoma/<projectSlug>/recipe.json~/.autonoma/<projectSlug>/qa-tests/**
Network endpoints5
us.i.posthog.com/capture/agent.autonoma.appdocs.agent.autonoma.appopenrouter.ai/keysopenrouter.ai/settings/credits

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js sends opt-out analytics to https://us.i.posthog.com/capture/ and may include error messages/stacks.
  • dist/index.js can upload generated artifacts to AUTONOMA_API_URL/default https://agent.autonoma.app when token/id env vars are set.
  • dist/index.js exposes user-invoked AI tools for reading project files, writing output files, and limited shell commands.
Evidence against
  • package.json has no preinstall/install/postinstall/prepare lifecycle hooks; only a CLI bin points to dist/index.js.
  • OPENROUTER_API_KEY is read for declared LLM use and prompted/cached in ~/.autonoma/.env only during CLI execution.
  • The static secret-looking phc_ value is a public PostHog ingestion key, documented in code comments as client-safe.
  • Shell execution is constrained to a fixed command allowlist and validates against chaining/redirect/subshell patterns.
  • File writes are sandboxed to the CLI output directory except documented ~/.autonoma config/device-id storage.
  • README.md documents OpenRouter, Autonoma upload credentials, analytics opt-out, and local artifact behavior.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 298 KB of source, external domains: docs.agent.autonoma.app, openrouter.ai, us.i.posthog.com

Source & flagged code

2 flagged · loading source
dist/index.jsView file
3967patternName = generic_password severity = medium line = 3967 matchedText = - Email/... } }
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L3967
2377patternName = generic_password severity = medium line = 2377 matchedText = // Sugge...' })
Medium
Secret Pattern

Hardcoded password in dist/index.js

dist/index.jsView on unpkg · L2377

Findings

5 Medium5 Low
MediumSecret Patterndist/index.js
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/index.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License