AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a Convertr theme CLI with user-invoked auth, git cache, build, push/pull, and local dev server commands; suspicious primitives are aligned with those features.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user CLI commands such as cvtr login, cvtr theme init/run/push/pull/status/diff
Impact
Expected theme development workflow; command-injection hardening concerns exist around interpolated git args but no evidence of malicious intent or unconsented execution.
Mechanism
User-invoked Auth0 OAuth, git operations, theme file copy/build, and local server launch
Rationale
Static inspection shows a legitimate theme-development CLI; the network, token, filesystem, and child_process usage is activated by user commands and matches the package purpose. There are shell interpolation risks in git helper calls, but no concrete malicious chain, install-time execution, exfiltration, or persistence was found.
Evidence
package.jsonindex.jscommands/auth.jscommands/theme.jslib/auth.jslib/config.jslib/git.jslib/storefront.jslib/version-check.js~/.cvtr/config.json~/.cvtr/themes-cache~/.cvtr/storefront-cachetheme-config.jsontemplates/*.liquidcomponents/*.liquidincs/*.liquidcss/*.cssjs/*.js
Network endpoints5
convertr-commerce.us.auth0.com/oauth/device/codeconvertr-commerce.us.auth0.com/oauth/tokenregistry.npmjs.org/@convertr%2Fcli/latestgit@bitbucket.org:convertr/storefront-themes.gitgit@bitbucket.org:convertr/storefront.git
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
- lib/git.js wraps execSync git commands and interpolates themeName/message arguments
- commands/auth.js stores Auth0 tokens in ~/.cvtr/config.json after explicit cvtr login
- commands/theme.js can run npm install and spawn node server for cloned storefront during explicit cvtr theme run
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts
- index.js only registers CLI commands and checks npm registry for latest version on invocation
- Network endpoints are package-aligned: Auth0 login/refresh, npm registry version check, Bitbucket Convertr git remotes
- No credential harvesting beyond explicit login token storage; no exfiltration to unrelated hosts found
- File writes are scoped to ~/.cvtr caches/config or current theme project during explicit commands
- No AI-agent control-surface writes, persistence, destructive install-time behavior, or remote payload execution found
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcelib/git.jsView file
2import os from 'os'
L3: import { execSync } from 'child_process'
L4: import { dirname, join } from 'path'
High
commands/auth.jsView file
55const open = process.platform === 'darwin' ? 'open' : 'xdg-open'
L56: execSync(`${open} "${device.verification_uri_complete}"`)
L57: } catch (_) {}
...
L62:
L63: process.stdout.write(chalk.gray('Aguardando autenticação no browser'))
L64:
...
L69: try {
L70: const { data } = await axios.post(`https://${AUTH0_DOMAIN}/oauth/token`, {
L71: client_id: AUTH0_CLIENT_ID,
High
Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
commands/auth.jsView on unpkg · L55Findings
3 High2 Medium3 Low
HighChild Processlib/git.js
HighShell
HighCommand Output Exfiltrationcommands/auth.js
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowUrl Strings
LowNo License