registry  /  @contextium/cli  /  1.9.1

@contextium/cli@1.9.1

Command-line tool for managing Contextium documentation, agents, skills, and workflows — pipe context to AI coding assistants

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs contextium setup-claude, setup-cursor, setup-codex, or setup-copilot.
Impact
Contextium tools may run with fewer assistant prompts after user setup; no confirmed malicious exfiltration or unconsented install-time mutation.
Mechanism
explicit AI-agent MCP/config setup with optional or tool-scoped auto-approval
Rationale
Static inspection shows user-invoked, package-aligned AI-agent setup rather than unconsented lifecycle mutation or hidden payload execution. Because it intentionally mutates assistant control surfaces and can reduce prompts, warn rather than block.
Evidence
package.jsondist/index.jsdist/commands/setup-claude.jsdist/lib/claude-permissions.jsdist/commands/setup-cursor.jsdist/commands/setup-codex.jsdist/commands/setup-copilot.jshooks/ium-check-update.jsdist/lib/api-client.jsdist/lib/msal.js~/.claude/settings.json~/.claude/commands/ium/*.md~/.claude/hooks/ium-check-update.js~/.claude/hooks/ium-statusline.js~/.cursor/mcp.json~/.cursor/permissions.json~/.codex/config.toml~/.codex/AGENTS.md.vscode/mcp.json.github/copilot-instructions.md.contextiumrc~/.contextium/msal-cache.json
Network endpoints5
api.contextium.io/api/v1mcp.contextium.io/sseauth.contextium.io/9b6eccb4-2057-43a8-be7f-f558ad8e7bc1npm view @contextium/cli versionnpm view @contextium/mcp-server version

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/commands/setup-claude.js invokes explicit setup that writes ~/.claude settings, commands, and hooks.
  • dist/lib/claude-permissions.js adds broad Claude allow rules: Bash contextium * and mcp__contextium__*.
  • dist/commands/setup-cursor.js writes Cursor MCP config and mcpAllowlist for contextium:*; setup-codex has opt-in --no-prompt approval_policy never.
  • hooks/ium-check-update.js runs as a Claude SessionStart hook and checks npm package versions in the background.
Evidence against
  • package.json has no install/preinstall/postinstall hooks; only prepublishOnly build.
  • dist/index.js only registers commander CLI commands; no import-time mutation found.
  • Network use is package-aligned: api.contextium.io, mcp.contextium.io, auth.contextium.io, npm view for update checks.
  • Credential handling appears local/auth-related: .contextium credentials/MSAL cache and Authorization headers to Contextium API.
  • No native binaries, obfuscated payloads, destructive filesystem behavior, or credential harvesting outside declared Contextium auth/config flows found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 61 file(s), 413 KB of source, external domains: api.contextium.io, app.contextium.io, mcp.contextium.io

Source & flagged code

4 flagged · loading source
dist/commands/setup-claude.jsView file
Published source reference
Medium
Ai Review Evidence

dist/commands/setup-claude.js invokes explicit setup that writes ~/.claude settings, commands, and hooks.

dist/commands/setup-claude.jsView on unpkg
dist/lib/claude-permissions.jsView file
Published source reference
Medium
Ai Review Evidence

dist/lib/claude-permissions.js adds broad Claude allow rules: Bash contextium * and mcp__contextium__*.

dist/lib/claude-permissions.jsView on unpkg
dist/commands/setup-cursor.jsView file
Published source reference
Medium
Ai Review Evidence

dist/commands/setup-cursor.js writes Cursor MCP config and mcpAllowlist for contextium:*; setup-codex has opt-in --no-prompt approval_policy never.

dist/commands/setup-cursor.jsView on unpkg
hooks/ium-check-update.jsView file
Published source reference
Medium
Ai Review Evidence

hooks/ium-check-update.js runs as a Claude SessionStart hook and checks npm package versions in the background.

hooks/ium-check-update.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/commands/setup-claude.js
MediumAi Review Evidencedist/lib/claude-permissions.js
MediumAi Review Evidencedist/commands/setup-cursor.js
MediumAi Review Evidencehooks/ium-check-update.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings