registry  /  @decade666/trellis  /  0.6.10

@decade666/trellis@0.6.10

AI capabilities grow like ivy — Trellis provides the structure to guide them along a disciplined path

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `trellis init` can install Trellis-owned project agent configuration and hooks. Explicit channel use can spawn a configured wrapper or call a configured local OpenAI-compatible proxy. No install-time execution or confirmed malicious chain was found.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `trellis init` with platform selection, or explicitly uses channel collaboration.
Impact
Installed hooks can influence supported AI-agent sessions in that project; wrapper inherits the invoking user's environment.
Mechanism
Project-scoped AI-agent extension setup and configured local agent/proxy invocation.
Rationale
This is not malicious by source evidence, but it has real first-party AI-agent extension lifecycle behavior that merits a warning. The observed writes and execution paths are user-invoked and project-scoped.
Evidence
package.jsonbin/trellis.jsdist/cli/index.jsdist/configurators/codex.jsdist/commands/channel/adapters/antigravity.jsdist/templates/copilot/hooks/session-start.py.agents/skills.codex/skills.codex/agents.codex/hooks.codex/hooks.json.codex/config.toml
Network endpoints1
127.0.0.1:8317/v1/chat/completions

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/configurators/codex.js` writes project agent skills, hooks, and config during explicit setup.
  • `dist/commands/channel/adapters/antigravity.js` can spawn a configured local wrapper with inherited environment.
  • `dist/templates/*` ship hook scripts that run after the user installs platform integration.
Evidence against
  • `package.json` has no preinstall/install/postinstall hooks; only prepublishOnly.
  • `bin/trellis.js` only imports the CLI when the user invokes it.
  • Agent writes are project-scoped (`.codex`, `.agents`, platform dirs), not home/global config.
  • Antigravity defaults to localhost and uses configured credentials; no hard-coded remote endpoint.
  • Template network scan found no HTTP client calls in shipped hooks.
  • No credential-file harvesting, eval/vm execution, or covert exfiltration found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 113 file(s), 774 KB of source, external domains: 127.0.0.1, bitbucket.org, github.com, gitlab.com, raw.githubusercontent.com, registry.npmjs.org, www.python.org

Source & flagged code

2 flagged · loading source
dist/templates/copilot/hooks/session-start.pyView file
path = [redacted]-start.py kind = build_helper sizeBytes = 19064 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/templates/copilot/hooks/session-start.pyView on unpkg
dist/commands/channel/adapters/antigravity.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @decade666/trellis@0.6.9 matchedIdentity = npm:QGRlY2FkZTY2Ni90cmVsbGlz:0.6.9 similarity = 0.991 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/channel/adapters/antigravity.jsView on unpkg

Findings

1 High4 Medium6 Low
HighPrevious Version Dangerous Deltadist/commands/channel/adapters/antigravity.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/templates/copilot/hooks/session-start.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License