registry  /  @codeenginestudio/harness-creator  /  2.11.0

@codeenginestudio/harness-creator@2.11.0

CES Harness Creator — install wizard

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The risky primitives are explicit CLI operations for installing a Claude plugin and running a local harness portal, not npm install-time behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `harness-creator` or `harness-portal`.
Impact
Can add a Claude plugin marketplace source or run local project inspection tooling when explicitly invoked by the user.
Mechanism
User-invoked Claude plugin registration and local project portal
Rationale
Static inspection shows no lifecycle hook or unconsented install-time modification of foreign/broad AI-agent control surfaces; agent-facing actions are explicit CLI/plugin workflow steps. Network, shell, git, gh, and npx use are package-aligned local portal/installer functionality with no evidence of exfiltration or persistence.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-server.mjsscripts/lib/portal-github.mjsscripts/lib/portal-collect.mjstemplates/portal/index.html~/.claude/plugins/cachedocs/architecturefeature_list.jsonfeature-list.jsonprogress.mddocs/superpowers/specsdocs/superpowers/plansdocs/adr.claude/rules.claude/skills.claude/workflows.claude/hooks/precommit-check.sh.claude/settings.jsonlefthook.yml
Network endpoints3
unpkg.com/vis-network@9.1.9/standalone/umd/vis-network.min.js127.0.0.1:<port>claude.ai/code

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with low false-positive risk.
Evidence for block
  • scripts/install.mjs is a user-invoked bin that runs `claude plugin marketplace add --scope ...` for a Claude plugin marketplace entry.
  • scripts/lib/portal-c4.mjs user-invoked portal spawns `npx -y likec4 serve` under the target project.
  • templates/portal/index.html loads vis-network from https://unpkg.com and uses local `/api/*`/SSE endpoints.
Evidence against
  • package.json has no npm lifecycle hooks, only bin entrypoints and a test script.
  • scripts/install.mjs prompts for user/project scope and exits if required Claude/superpowers prerequisites are absent; no install-time mutation occurs.
  • scripts/lib/portal-c4.mjs binds/probes only 127.0.0.1 and deletes common AI API key env vars before spawning likec4.
  • scripts/lib/portal-server.mjs exposes a local read-only portal API except graph ledger sync tied to explicit `harness-portal` execution.
  • scripts/lib/portal-github.mjs uses local `gh` CLI reads for PR/run/issue metadata and does not post data externally.
  • No credential harvesting, remote code fetch beyond explicit npx/Claude tooling, persistence, destructive actions, or lifecycle AI-agent control hijack found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 34 file(s), 67.8 KB of source, external domains: 127.0.0.1, claude.ai

Source & flagged code

2 flagged · loading source
scripts/lib/portal-sources.mjsView file
2import path from 'node:path'; L3: import { execFileSync } from 'node:child_process'; L4: import { readFile } from 'node:fs/promises';
High
Child Process

Package source references child process execution.

scripts/lib/portal-sources.mjsView on unpkg · L2
scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill. L2: import { spawn as nodeSpawn } from 'node:child_process'; L3: import { request } from 'node:http';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/lib/portal-c4.mjsView on unpkg · L1

Findings

3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License