registry  /  @codeenginestudio/harness-creator  /  2.10.0

@codeenginestudio/harness-creator@2.10.0

CES Harness Creator — install wizard

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The risky primitives are explicit CLI features for installing a Claude plugin marketplace entry and running a local project portal.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs harness-creator or harness-portal bin
Impact
Package-aligned local Claude/plugin and project dashboard operations; no confirmed exfiltration or lifecycle compromise
Mechanism
interactive installer and localhost project portal
Rationale
Source inspection shows suspicious primitives, but they are user-invoked and aligned with the documented installer/portal functionality, with no lifecycle execution or credential exfiltration. The package should be marked clean.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-github.mjsscripts/lib/portal-server.mjsscripts/lib/portal-ledger.mjstemplates/portal/index.htmlREADME.mddocs/.harness/graph.json.gitignore
Network endpoints3
claude.ai/codeunpkg.com/vis-network@9.1.9/standalone/umd/vis-network.min.js127.0.0.1:<port>

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • scripts/lib/install-utils.mjs uses shell execSync for claude/find commands
  • scripts/lib/portal-c4.mjs can spawn npx -y likec4 serve on explicit portal run
  • scripts/lib/portal-ledger.mjs writes docs/.harness/graph.json and may update .gitignore in target projects
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks
  • scripts/install.mjs is an interactive bin that only checks claude/superpowers and runs claude plugin marketplace add after user scope selection
  • scripts/lib/portal-c4.mjs removes common AI API key env vars before spawning likec4
  • scripts/portal.mjs binds the portal server to 127.0.0.1 and exposes local read-only dashboard APIs
  • scripts/lib/portal-github.mjs uses gh CLI for repo PR/run/issue data, with no hardcoded exfiltration endpoint
  • No obfuscated payloads, credential harvesting, import-time execution, or persistence beyond documented harness/portal behavior found
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 34 file(s), 67.8 KB of source, external domains: 127.0.0.1, claude.ai

Source & flagged code

2 flagged · loading source
scripts/lib/portal-sources.mjsView file
2import path from 'node:path'; L3: import { execFileSync } from 'node:child_process'; L4: import { readFile } from 'node:fs/promises';
High
Child Process

Package source references child process execution.

scripts/lib/portal-sources.mjsView on unpkg · L2
scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill. L2: import { spawn as nodeSpawn } from 'node:child_process'; L3: import { request } from 'node:http';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/lib/portal-c4.mjsView on unpkg · L1

Findings

3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License