registry  /  @birdybeep/cli  /  0.2.0

@birdybeep/cli@0.2.0

The BirdyBeep CLI — pair your machine, install agent adapters, and stream coding-agent lifecycle events to BirdyBeep.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `birdybeep agent install`, `pair`, `hook`, `status`, `doctor`, or `test`.
Impact
Can modify detected agent harness configuration through declared adapters and transmit user-approved lifecycle/pairing data.
Mechanism
Explicit coding-agent adapter setup and BirdyBeep event delivery.
Rationale
Source inspection finds a user-invoked agent-integration feature, not malware or stealth persistence. Per policy, explicit user-command agent configuration mutation warrants a warning.
Evidence
package.jsondist/bin.cjsdist/index.cjs
Network endpoints2
api.birdybeep.comregistry.npmjs.org

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/bin.cjs` exposes explicit `agent install` for Claude, Codex, and OpenCode adapters.
  • The user-invoked install path calls each adapter's `install()` after detection.
  • `hook`, `status`, `doctor`, and `test` create senders for BirdyBeep event delivery.
  • `pair` posts machine-label, OS, CLI version, and fingerprint hash during approved pairing.
Evidence against
  • `package.json` contains no preinstall, install, postinstall, or prepare lifecycle hook.
  • `dist/bin.cjs` runs only as the declared `birdybeep` executable; importing `dist/index.cjs` does not invoke it.
  • Agent configuration mutation requires the explicit `birdybeep agent install` command.
  • No shell execution, eval/vm, native loading, destructive file APIs, or hidden endpoints appear in shipped code.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 120 KB of source, external domains: api.birdybeep.com, registry.npmjs.org

Source & flagged code

1 flagged · loading source
dist/bin.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @birdybeep/cli@0.1.0 matchedIdentity = npm:QGJpcmR5YmVlcC9jbGk:0.1.0 similarity = 0.400 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bin.cjsView on unpkg

Findings

1 High2 Medium3 Low
HighPrevious Version Dangerous Deltadist/bin.cjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings