AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Suspicious primitives are aligned with a user-invoked Claude plugin installer and local project portal.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `harness-creator` or `harness-portal`.
Impact
User-approved Claude plugin marketplace update; local docs ledger/cache writes during portal use.
Mechanism
interactive Claude plugin install and local portal orchestration
Rationale
Static inspection found no lifecycle execution, hidden exfiltration, credential harvesting, or unconsented AI-agent control mutation. The risky commands are explicit CLI features for installing a Claude plugin and running a localhost architecture portal.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-server.mjsscripts/lib/portal-github.mjsscripts/lib/portal-ledger.mjsscripts/lib/portal-sources.mjs~/.claude/plugins/cachedocs/.harness/graph.json.gitignoredocs/architecture
Network endpoints3
claude.ai/code127.0.0.1:<port>127.0.0.1:<c4Port>
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
- scripts/install.mjs user-invoked bin runs `claude plugin marketplace add --scope ...`.
- scripts/lib/portal-c4.mjs user-invoked portal spawns `npx -y likec4 serve`.
- scripts/lib/portal-ledger.mjs writes target docs/.harness/graph.json and may append docs/.harness/ to .gitignore.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks.
- scripts/install.mjs is interactive and requires user-selected scope before changing Claude plugin marketplace.
- scripts/lib/portal-c4.mjs deletes AI API env keys before spawning likec4.
- scripts/portal.mjs binds server only to 127.0.0.1 and supports --no-c4/--no-ledger.
- scripts/lib/portal-github.mjs only calls local gh CLI for PR/run/issue metadata, no custom exfil endpoint.
- No obfuscated payloads, credential harvesting, destructive actions, or import-time execution found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcescripts/lib/portal-sources.mjsView file
2import path from 'node:path';
L3: import { execFileSync } from 'node:child_process';
L4: import { readFile } from 'node:fs/promises';
High
Child Process
Package source references child process execution.
scripts/lib/portal-sources.mjsView on unpkg · L2scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill.
L2: import { spawn as nodeSpawn } from 'node:child_process';
L3: import { request } from 'node:http';
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
scripts/lib/portal-c4.mjsView on unpkg · L1Findings
3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License