AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The risky primitives are explicit CLI features for installing a Claude plugin marketplace entry and running a local project portal.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs harness-creator or harness-portal bin
Impact
Package-aligned local Claude/plugin and project dashboard operations; no confirmed exfiltration or lifecycle compromise
Mechanism
interactive installer and localhost project portal
Rationale
Source inspection shows suspicious primitives, but they are user-invoked and aligned with the documented installer/portal functionality, with no lifecycle execution or credential exfiltration. The package should be marked clean.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-github.mjsscripts/lib/portal-server.mjsscripts/lib/portal-ledger.mjstemplates/portal/index.htmlREADME.mddocs/.harness/graph.json.gitignore
Network endpoints3
claude.ai/codeunpkg.com/vis-network@9.1.9/standalone/umd/vis-network.min.js127.0.0.1:<port>
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- scripts/lib/install-utils.mjs uses shell execSync for claude/find commands
- scripts/lib/portal-c4.mjs can spawn npx -y likec4 serve on explicit portal run
- scripts/lib/portal-ledger.mjs writes docs/.harness/graph.json and may update .gitignore in target projects
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks
- scripts/install.mjs is an interactive bin that only checks claude/superpowers and runs claude plugin marketplace add after user scope selection
- scripts/lib/portal-c4.mjs removes common AI API key env vars before spawning likec4
- scripts/portal.mjs binds the portal server to 127.0.0.1 and exposes local read-only dashboard APIs
- scripts/lib/portal-github.mjs uses gh CLI for repo PR/run/issue data, with no hardcoded exfiltration endpoint
- No obfuscated payloads, credential harvesting, import-time execution, or persistence beyond documented harness/portal behavior found
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcescripts/lib/portal-sources.mjsView file
2import path from 'node:path';
L3: import { execFileSync } from 'node:child_process';
L4: import { readFile } from 'node:fs/promises';
High
Child Process
Package source references child process execution.
scripts/lib/portal-sources.mjsView on unpkg · L2scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill.
L2: import { spawn as nodeSpawn } from 'node:child_process';
L3: import { request } from 'node:http';
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
scripts/lib/portal-c4.mjsView on unpkg · L1Findings
3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License