AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `npx devground-setup` from a project root.
Impact
Existing agent instruction files and the pre-commit hook can be replaced; `package.json` gains a `prepare` script.
Mechanism
Project configuration, Git-hook, and AI-agent instruction-file mutation.
Rationale
The scanner’s shell/install finding is a fixed, documented Husky initialization command. The package is not malicious by source evidence, but its explicit command rewrites AI-agent instruction surfaces and warrants a warning under the stated policy.
Evidence
package.jsonsetup.jsREADME.mdeslint.config.mjstsconfig.jsontsconfig.typecheck.jsoncommitlint.config.js.husky/pre-commitAGENTS.mdCLAUDE.md.cursorrules.github/copilot-instructions.md.gemini/styleguide.md
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `setup.js` is an explicitly invoked bin that creates AI-agent instruction symlinks for Claude, Cursor, Copilot, and Gemini.
- `setup.js` replaces existing agent-control paths after unlinking them, including `CLAUDE.md`, `.cursorrules`, and `.github/copilot-instructions.md`.
- `setup.js` modifies the caller project: `package.json`, config files, `.husky/pre-commit`, and agent instruction files.
- `setup.js` executes `npx husky init`, creating Git-hook setup at user-command time.
Evidence against
- `package.json` has no preinstall, install, postinstall, or other lifecycle scripts.
- `README.md` documents `npx devground-setup`; mutation occurs only after explicit user invocation.
- No network client, credential/env harvesting, remote payload loading, eval, or dynamic code execution appears in inspected source.
- The only shell command is fixed-string `npx husky init`; no user data is interpolated into it.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcesetup.jsView file
2L3: const { execSync } = require('node:child_process');
L4: const fs = require('node:fs');
High
164try {
L165: execSync('npx husky init', { cwd: targetDir, stdio: 'pipe' });
L166: log('Husky inicializado');
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
setup.jsView on unpkg · L164Findings
3 High1 Low
HighChild Processsetup.js
HighShell
HighRuntime Package Installsetup.js
LowFilesystem