registry  /  @calibrate-ds/cli  /  0.1.70

@calibrate-ds/cli@0.1.70

**Calibrate is a local-first design system compiler for design engineers.** It reads your Figma file, builds a structured model of your design system, and uses it to scaffold typed components, design tokens, MDX docs, and AI implementation prompts — all f

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a design-system CLI with explicit commands that can write project files, configure MCP entries for supported IDEs, run local setup commands, and send opt-out usage telemetry.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs CLI commands such as `ptb init`, `ptb mcp setup`, `setup_mcp`, `ptb document`, or any command after telemetry config creation.
Impact
Project/config files may be created or updated and anonymous CLI usage telemetry may be sent; no install-time control-surface hijack or exfiltration found.
Mechanism
explicit user-command project scaffolding, MCP config merge, local setup command execution, and telemetry
Rationale
The concerning primitives are aligned with an explicit design-system CLI/MCP setup workflow and are not activated by npm lifecycle hooks or import-time code. Because there is no unconsented install-time AI-agent config mutation, exfiltration, destructive behavior, or remote payload execution, the package should not be blocked.
Evidence
package.jsondist/index.jsdist/commands/init.jsdist/mcp/tools/setup-mcp-tool.jsdist/utils/storybook-setup.jsdist/utils/telemetry.js.ptb/.meta.jsonptb.config.jsonptb-team.jsonpackages/ui/package.jsonpackages/ui/tsconfig.jsonpackages/ui/src/css-modules.d.tspnpm-workspace.yaml.gitignore~/.claude/mcp.json~/.cursor/mcp.json~/.codeium/windsurf/mcp_config.json~/.gemini/antigravity/mcp_config.json.vscode/mcp.json~/Library/Application Support/calibrate-ds/telemetry.json~/.config/calibrate-ds/telemetry.json
Network endpoints4
us.i.posthog.com/capture/localhost:4321localhost:6006localhost:6007

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Source inspection shows user-invoked MCP setup writes AI IDE config files under ~/.claude, ~/.cursor, ~/.codeium/windsurf, ~/.gemini/antigravity, and project .vscode.
  • Telemetry posts command/version/OS/node metadata to PostHog after first-run opt-out notice; not credential/file harvesting.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • dist/index.js only registers Commander CLI actions; MCP setup is exposed as explicit `ptb mcp setup` or MCP tool, not install/import-time mutation.
  • dist/mcp/tools/setup-mcp-tool.js writes a fixed package-owned `ptb mcp --cwd` server entry, preserving existing JSON and not injecting prompts or remote payloads.
  • dist/commands/init.js runtime `git init` and Storybook/package-manager steps are user-invoked init/document setup flows, with prompts for install steps when TTY.
  • dist/utils/storybook-setup.js only runs package manager/Storybook commands after explicit user confirmation; non-TTY returns without running them.
  • No evidence of credential exfiltration, destructive behavior, obfuscated payloads, eval/vm/Function, or native binary loading in reviewed hot paths.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 63 file(s), 597 KB of source, external domains: us.i.posthog.com, www.figma.com

Source & flagged code

5 flagged · loading source
dist/utils/storybook-setup.jsView file
3import { stdin as input, stdout as output } from "node:process"; L4: import { spawnSync } from "node:child_process"; L5: import * as path from "node:path";
High
Child Process

Package source references child process execution.

dist/utils/storybook-setup.jsView on unpkg · L3
116stdio: "inherit", L117: shell: true, L118: });
High
Shell

Package source references shell execution.

dist/utils/storybook-setup.jsView on unpkg · L116
dist/mcp/tools/action-tools.jsView file
2import * as path from "node:path"; L3: import { execSync } from "node:child_process"; L4: import { z } from "zod"; ... L31: try { L32: return JSON.parse(await fs.readFile(path.join(workspaceRoot, "ptb.lock"), "utf-8")); L33: } ... L103: type: "text", L104: text: `${tokenEnv} is not set.\n\nThe easiest fix — run this once in any terminal:\n\n ptb token set <your-figma-token>\n\nThis stores the token in ~/.config/calibrate-ds/credenti... L105: }], ... L513: ...(modelComponent.tokenBindings ? { tokenBindings: modelComponent.tokenBindings } : {}), L514: ...(modelComponent.styleMetadata ? { styleMetadata: modelComponent.styleMetadata } : {}), L515: ...(modelComponent.layout ? { layout: modelComponent.layout } : {}),
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/mcp/tools/action-tools.jsView on unpkg · L2
dist/commands/init.jsView file
450console.log(`\n Initializing Storybook...`); L451: const sbInit = spawnSync("npx storybook@latest init --no-dev", { L452: cwd: uiPackageRoot,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/init.jsView on unpkg · L450
dist/verify/run-verify.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @calibrate-ds/cli@0.1.65 matchedIdentity = npm:QGNhbGlicmF0ZS1kcy9jbGk:0.1.65 similarity = 0.902 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/verify/run-verify.jsView on unpkg

Findings

1 Critical3 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/verify/run-verify.js
HighChild Processdist/utils/storybook-setup.js
HighShelldist/utils/storybook-setup.js
HighRuntime Package Installdist/commands/init.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/mcp/tools/action-tools.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings