AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a user-invoked Claude Code plugin installer and project portal. It mutates Claude user plugin configuration/cache when run, but no install-time hijack, credential harvesting, or exfiltration was found.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `npx @codeenginestudio/harness-creator` or `harness-portal`.
Impact
Adds/updates a user-scoped Claude plugin marketplace entry and may write local portal ledger files in the target project.
Mechanism
explicit Claude plugin setup plus local portal helper commands
Rationale
Source inspection shows no npm lifecycle hooks, import-time execution, credential collection, remote payload execution, or exfiltration. Because the package explicitly configures a Claude agent plugin at user scope when invoked, warn as agent extension lifecycle risk rather than block.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/lib/cache-prune.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-ledger.mjstemplates/portal/index.html~/.claude/plugins/cache/ces/harness-creatordocs/.harness/graph.json.gitignore
Network endpoints4
claude.ai/codeunpkg.com/vis-network@9.1.9/standalone/umd/vis-network.min.js127.0.0.1:4000127.0.0.1:5173
Decision evidence
public snapshotAI called this Suspicious at 84.0% confidence as Benign with medium false-positive risk.
Evidence for warning
- scripts/install.mjs user-invoked bin runs `claude plugin marketplace add --scope user ...`.
- scripts/lib/install-utils.mjs targets Claude user plugin cache under `~/.claude`.
- scripts/lib/cache-prune.mjs removes stale `~/.claude/plugins/cache/ces/harness-creator` versions on update.
- scripts/portal.mjs can start a local portal and spawn `npx -y likec4 serve` for C4 viewing.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Claude plugin setup is behind explicit `npx harness-creator` bin, not npm install-time execution.
- scripts/install.mjs only instructs installing dependency plugins; it does not run those installs itself.
- scripts/lib/portal-c4.mjs deletes common AI API key env vars before spawning likec4.
- Network references are local portal endpoints or documented third-party UI/CDN; no credential exfiltration found.
- GitHub and git commands are bounded status/list/read operations for portal display.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcescripts/lib/portal-sources.mjsView file
2import path from 'node:path';
L3: import { execFileSync } from 'node:child_process';
L4: import { readFile } from 'node:fs/promises';
High
Child Process
Package source references child process execution.
scripts/lib/portal-sources.mjsView on unpkg · L2scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill.
L2: import { spawn as nodeSpawn } from 'node:child_process';
L3: import { request } from 'node:http';
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
scripts/lib/portal-c4.mjsView on unpkg · L1Findings
3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License