registry  /  @codeenginestudio/harness-creator  /  2.16.1

@codeenginestudio/harness-creator@2.16.1

CES Harness Creator — install wizard

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is a user-invoked Claude Code plugin installer and project portal. It mutates Claude user plugin configuration/cache when run, but no install-time hijack, credential harvesting, or exfiltration was found.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `npx @codeenginestudio/harness-creator` or `harness-portal`.
Impact
Adds/updates a user-scoped Claude plugin marketplace entry and may write local portal ledger files in the target project.
Mechanism
explicit Claude plugin setup plus local portal helper commands
Rationale
Source inspection shows no npm lifecycle hooks, import-time execution, credential collection, remote payload execution, or exfiltration. Because the package explicitly configures a Claude agent plugin at user scope when invoked, warn as agent extension lifecycle risk rather than block.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/lib/cache-prune.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-ledger.mjstemplates/portal/index.html~/.claude/plugins/cache/ces/harness-creatordocs/.harness/graph.json.gitignore
Network endpoints4
claude.ai/codeunpkg.com/vis-network@9.1.9/standalone/umd/vis-network.min.js127.0.0.1:4000127.0.0.1:5173

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • scripts/install.mjs user-invoked bin runs `claude plugin marketplace add --scope user ...`.
  • scripts/lib/install-utils.mjs targets Claude user plugin cache under `~/.claude`.
  • scripts/lib/cache-prune.mjs removes stale `~/.claude/plugins/cache/ces/harness-creator` versions on update.
  • scripts/portal.mjs can start a local portal and spawn `npx -y likec4 serve` for C4 viewing.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • Claude plugin setup is behind explicit `npx harness-creator` bin, not npm install-time execution.
  • scripts/install.mjs only instructs installing dependency plugins; it does not run those installs itself.
  • scripts/lib/portal-c4.mjs deletes common AI API key env vars before spawning likec4.
  • Network references are local portal endpoints or documented third-party UI/CDN; no credential exfiltration found.
  • GitHub and git commands are bounded status/list/read operations for portal display.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 37 file(s), 75.6 KB of source, external domains: 127.0.0.1, claude.ai

Source & flagged code

2 flagged · loading source
scripts/lib/portal-sources.mjsView file
2import path from 'node:path'; L3: import { execFileSync } from 'node:child_process'; L4: import { readFile } from 'node:fs/promises';
High
Child Process

Package source references child process execution.

scripts/lib/portal-sources.mjsView on unpkg · L2
scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill. L2: import { spawn as nodeSpawn } from 'node:child_process'; L3: import { request } from 'node:http';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/lib/portal-c4.mjsView on unpkg · L1

Findings

3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License