registry  /  @decocms/blocks-cli  /  7.16.8

@decocms/blocks-cli@7.16.8

Deco codegen (generate-blocks, generate-schema, generate-invoke) and Fresh-to-TanStack migration tooling

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `deco-migrate` or a KV sync/migration bin command.
Impact
Agent guidance can persist in the migrated project; KV commands can modify the configured namespace, but no install-time or covert behavior is established.
Mechanism
Explicit project scaffolding plus authenticated Cloudflare KV REST writes.
Rationale
This is not confirmed malware, but it has an explicit user-command AI-agent configuration mutation and privileged KV write capability. Flag as warn under the stated policy rather than block because the behavior is disclosed, command-triggered, and package-aligned.
Evidence
package.jsonscripts/migrate.tsscripts/migrate/phase-scaffold.tsscripts/migrate/templates/cursor-rules.tsscripts/lib/cf-kv-rest.tsscripts/sync-blocks-to-kv.tsscripts/migrate-blocks-to-kv.ts.cursor/rules/migration-tooling-policy.mdc
Network endpoints1
api.cloudflare.com/client/v4

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `scripts/migrate/phase-scaffold.ts` writes `.cursor/rules/migration-tooling-policy.mdc` during migration.
  • `scripts/migrate/templates/cursor-rules.ts` marks that Cursor rule `alwaysApply: true` and links upstream agent policy.
  • `scripts/migrate.ts` runs `bun install` and generators after the user-invoked migration command.
  • `scripts/lib/cf-kv-rest.ts` uses Cloudflare API credentials to PUT/DELETE configured KV keys.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • Cursor configuration is created only by explicit `deco-migrate`, not on package installation or import.
  • The generated rule is an attributed migration-policy pointer; no credential harvesting or remote payload execution was found.
  • Cloudflare calls are scoped to operator-provided account, namespace, token, and explicit KV sync commands.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 108 file(s), 1.13 MB of source, external domains: analytics.tiktok.com, api.cloudflare.com, bat.bing.com, cdn.example.com, connect.facebook.net, deco-otel-ingest.deco-cx.workers.dev, deco-otel-ingest.example, decoims.com, github.com, graph.instagram.com, ingest.example, ingest.example.com, s.lilstts.com, script.hotjar.com, scripts.clarity.ms, sp.vtex.com, static.hotjar.com, storage.googleapis.com, tailwindcss.com, www.clarity.ms, www.googletagmanager.com

Source & flagged code

5 flagged · loading source
scripts/audit-observability-config.test.tsView file
309} { L310: const { spawnSync } = require("node:child_process") as typeof import( L311: "node:child_process"
High
Child Process

Package source references child process execution.

scripts/audit-observability-config.test.tsView on unpkg · L309
309} { L310: const { spawnSync } = require("node:child_process") as typeof import( L311: "node:child_process"
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/audit-observability-config.test.tsView on unpkg · L309
scripts/sync-blocks-to-kv.tsView file
77purgeUrl: val("--purge-url", ""), L78: purgeToken: val("--purge-token", process.env.PURGE_TOKEN ?? ""), L79: }; ... L82: function gitChangedFiles(since: string, blocksDir: string): string[] { L83: const out = execSync(`git diff --name-only ${since} HEAD`, { encoding: "utf-8" }); L84: return changedBlockFiles(out, blocksDir); ... L87: async function purgeCache(origin: string, token: string, paths: string[]): Promise<void> { L88: const res = await fetch(new URL("/_cache/purge", origin).toString(), { L89: method: "POST",
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

scripts/sync-blocks-to-kv.tsView on unpkg · L77
scripts/generate-invoke.test.tsView file
220const outFile = path.join(siteDir, "src", "server", "invoke.gen.ts"); L221: const result = spawnSync("npx", ["tsx", GENERATOR, "--out-file", outFile], { L222: cwd: siteDir,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/generate-invoke.test.tsView on unpkg · L220
scripts/generate-schema.test.tsView file
matchType = previous_version_dangerous_delta matchedPackage = @decocms/blocks-cli@7.16.5 matchedIdentity = npm:QGRlY29jbXMvYmxvY2tzLWNsaQ:7.16.5 similarity = 0.981 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/generate-schema.test.tsView on unpkg

Findings

1 Critical4 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltascripts/generate-schema.test.ts
HighChild Processscripts/audit-observability-config.test.ts
HighShell
HighSame File Env Network Executionscripts/sync-blocks-to-kv.ts
HighRuntime Package Installscripts/generate-invoke.test.ts
MediumDynamic Requirescripts/audit-observability-config.test.ts
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License