registry  /  @decade666/trellis  /  0.6.12

@decade666/trellis@0.6.12

AI capabilities grow like ivy — Trellis provides the structure to guide them along a disciplined path

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `trellis init` with platform options such as `--codex` or `--copilot`, or invokes channel collaboration.
Impact
Installed hooks and agents may affect later AI-tool sessions in the initialized project.
Mechanism
Writes platform-specific agent assets and optionally runs configured local/CLI AI backends.
Rationale
The package performs broad AI-agent project configuration on explicit user commands, which warrants a warning under the agent-control policy. Source inspection found no unconsented install-time mutation, exfiltration, remote payload execution, or stealth behavior.
Evidence
package.jsondist/cli/index.jsdist/commands/init.jsdist/configurators/codex.jsdist/configurators/copilot.jsdist/commands/channel/adapters/antigravity.jsdist/utils/template-fetcher.js.agents/skills.codex/skills.codex/agents.codex/hooks.codex/hooks.json.codex/config.toml.github/copilot/hooks.github/copilot/hooks.json.github/agents.github/prompts.github/hooks/trellis.json
Network endpoints2
raw.githubusercontent.com/mindfold-ai/marketplace/main/index.json127.0.0.1:8317/v1/chat/completions

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/configurators/codex.js` writes `.codex` hooks, agents, skills, and config.
  • `dist/configurators/copilot.js` writes Copilot hooks, agents, prompts, and instructions.
  • `dist/commands/channel/adapters/antigravity.js` can send user turns to a configured CLI/proxy.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • CLI mutations are reached through explicit `trellis init` options.
  • Default template download targets the package-aligned Mindfold marketplace.
  • No credential harvesting, stealth persistence, obfuscated payload, or destructive install-time behavior found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 114 file(s), 783 KB of source, external domains: 127.0.0.1, bitbucket.org, github.com, gitlab.com, raw.githubusercontent.com, registry.npmjs.org, www.python.org

Source & flagged code

2 flagged · loading source
dist/templates/copilot/hooks/session-start.pyView file
path = [redacted]-start.py kind = build_helper sizeBytes = 19064 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/templates/copilot/hooks/session-start.pyView on unpkg
dist/commands/channel/adapters/antigravity.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @decade666/trellis@0.6.10 matchedIdentity = npm:QGRlY2FkZTY2Ni90cmVsbGlz:0.6.10 similarity = 0.991 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/channel/adapters/antigravity.jsView on unpkg

Findings

1 High4 Medium6 Low
HighPrevious Version Dangerous Deltadist/commands/channel/adapters/antigravity.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/templates/copilot/hooks/session-start.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License