registry  /  @codeenginestudio/harness-creator  /  2.8.0

@codeenginestudio/harness-creator@2.8.0

CES Harness Creator — install wizard

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Suspicious primitives are aligned with a user-invoked Claude plugin installer and local project portal.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `harness-creator` or `harness-portal`.
Impact
User-approved Claude plugin marketplace update; local docs ledger/cache writes during portal use.
Mechanism
interactive Claude plugin install and local portal orchestration
Rationale
Static inspection found no lifecycle execution, hidden exfiltration, credential harvesting, or unconsented AI-agent control mutation. The risky commands are explicit CLI features for installing a Claude plugin and running a localhost architecture portal.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-server.mjsscripts/lib/portal-github.mjsscripts/lib/portal-ledger.mjsscripts/lib/portal-sources.mjs~/.claude/plugins/cachedocs/.harness/graph.json.gitignoredocs/architecture
Network endpoints3
claude.ai/code127.0.0.1:<port>127.0.0.1:<c4Port>

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • scripts/install.mjs user-invoked bin runs `claude plugin marketplace add --scope ...`.
  • scripts/lib/portal-c4.mjs user-invoked portal spawns `npx -y likec4 serve`.
  • scripts/lib/portal-ledger.mjs writes target docs/.harness/graph.json and may append docs/.harness/ to .gitignore.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • scripts/install.mjs is interactive and requires user-selected scope before changing Claude plugin marketplace.
  • scripts/lib/portal-c4.mjs deletes AI API env keys before spawning likec4.
  • scripts/portal.mjs binds server only to 127.0.0.1 and supports --no-c4/--no-ledger.
  • scripts/lib/portal-github.mjs only calls local gh CLI for PR/run/issue metadata, no custom exfil endpoint.
  • No obfuscated payloads, credential harvesting, destructive actions, or import-time execution found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 34 file(s), 68.5 KB of source, external domains: 127.0.0.1, claude.ai

Source & flagged code

2 flagged · loading source
scripts/lib/portal-sources.mjsView file
2import path from 'node:path'; L3: import { execFileSync } from 'node:child_process'; L4: import { readFile } from 'node:fs/promises';
High
Child Process

Package source references child process execution.

scripts/lib/portal-sources.mjsView on unpkg · L2
scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill. L2: import { spawn as nodeSpawn } from 'node:child_process'; L3: import { request } from 'node:http';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/lib/portal-c4.mjsView on unpkg · L1

Findings

3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License