registry  /  @decantr/cli  /  3.8.2

@decantr/cli@3.8.2

Decantr CLI - adopt, verify, graph, and govern frontend codebases touched by AI agents

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `decantr connect cursor` or `decantr rules apply`.
Impact
Can influence enabled AI-agent behavior in the selected project and delegate to `@decantr/mcp-server` when Cursor starts it.
Mechanism
Writes project AI-agent rules and registers an npx-launched MCP server.
Rationale
Direct inspection confirms an explicit-user-command AI-agent configuration feature, but no install-time execution, stealth persistence, exfiltration, or destructive behavior. Per policy, classify this first-party explicit agent-control mutation as suspicious rather than malicious.
Evidence
package.jsondist/bin.jsdist/chunk-GBIOY7B7.jsdist/chunk-GUMN6SP3.jsdist/chunk-JKSHNJOD.jsdist/chunk-L4JPSMQW.js.cursor/mcp.json.cursor/rules/decantr.mdc.claude/rules/decantr.mdCLAUDE.mdAGENTS.mdGEMINI.mdcopilot-instructions.md.github/copilot-instructions.md.cursorrules.windsurfrules
Network endpoints1
api.decantr.ai/v1

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/chunk-GBIOY7B7.js` implements `decantr connect cursor`, writing `.cursor/mcp.json` with `npx -y @decantr/mcp-server`.
  • `dist/chunk-GBIOY7B7.js` implements explicit `decantr rules apply`, modifying existing `CLAUDE.md`, `AGENTS.md`, Cursor, Windsurf, Gemini, and Copilot rule files.
  • The Cursor MCP registration can cause an external MCP package to be launched by Cursor after the user enables the connection.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` hook.
  • Agent-control writes occur only through user-invoked `connect cursor` or `rules apply` commands.
  • MCP config preserves existing servers and uses a project-local `.cursor/mcp.json` path.
  • Telemetry requires a project opt-in and a caller-configured endpoint in `dist/chunk-GUMN6SP3.js`.
  • No `eval`, VM execution, shell-enabled child process, credential harvesting, or hidden import-time persistence was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 13 file(s), 1.16 MB of source, external domains: api.decantr.ai, decantr.ai, telemetry.example, ui.shadcn.com

Source & flagged code

1 flagged · loading source
dist/chunk-GBIOY7B7.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @decantr/cli@3.8.0 matchedIdentity = npm:QGRlY2FudHIvY2xp:3.8.0 similarity = 0.615 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-GBIOY7B7.jsView on unpkg

Findings

1 High2 Medium4 Low
HighPrevious Version Dangerous Deltadist/chunk-GBIOY7B7.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings