AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface by static inspection. Risky primitives are dotenv CLI features: env loading, explicit command execution, explicit Armor API sync, and explicit git hook setup.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes CLI/API commands such as dotenvx run, armor push/login, ext command, or ext precommit --install
Impact
Expected package behavior; no unconsented install-time execution, stealth persistence, or credential exfiltration confirmed
Mechanism
User-invoked dotenv/env encryption and command orchestration
Rationale
The suspicious scanner hits map to expected dotenvx functionality: user-invoked command spawning, explicit Armor network operations, examples, and dotenv/env file handling. With no lifecycle hooks, hidden import-time payload, broad agent-control mutation, or covert exfiltration path, this should be marked clean.
Evidence
package.jsonsrc/lib/main.jssrc/cli/dotenvx.jssrc/lib/helpers/executeDynamic.jssrc/lib/helpers/executeExtension.jssrc/lib/helpers/http.jssrc/lib/api/postArmorPush.jssrc/db/session.jssrc/lib/helpers/installPrecommitHook.jssrc/cli/examples.js.env.env.keys.git/hooks/pre-commit.gitignore.dockerignore.npmignore.vercelignore
Network endpoints2
armor.dotenvx.comdotenvx.sh/VERSION
Decision evidence
public snapshotAI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
- src/lib/helpers/executeDynamic.js spawns user-selected dotenvx-* binaries only after CLI dynamic command invocation
- src/lib/helpers/executeExtension.js spawns user-selected dotenvx-ext-* binaries only for explicit ext commands
- src/lib/api/postArmorPush.js can send private keys to configured Armor host during explicit armor push/up flows
- src/db/session.js stores Armor token/config and fetches https://dotenvx.sh/VERSION for update notification when a store exists
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks
- src/lib/main.js import path only parses .env files and writes to process.env; file writes are in explicit set/encrypt/decrypt APIs
- Network calls are package-aligned Armor/OAuth/update endpoints, not hidden telemetry or arbitrary exfiltration
- src/cli/examples.js secret-looking value is documentation example text, not active credential use
- No AI-agent control-surface writes or prompt/reviewer manipulation found
- Git hook mutation is explicit dotenvx ext precommit --install, not install-time persistence
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcesrc/cli/examples.jsView file
86patternName = private_key_openssh
severity = critical
line = 86
matchedText = $ dotenv...----
Critical
Critical Secret
Package contains a critical-looking secret pattern.
src/cli/examples.jsView on unpkg · L8686patternName = private_key_openssh
severity = critical
line = 86
matchedText = $ dotenv...----
Critical
src/shared/logger.jsView file
1const packageJson = require('../lib/helpers/packageJson')
L2: const Errors = require('../lib/helpers/errors')
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/shared/logger.jsView on unpkg · L1src/lib/helpers/executeDynamic.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @dotenvx/dotenvx@2.1.3
matchedIdentity = npm:QGRvdGVudngvZG90ZW52eA:2.1.3
similarity = 0.733
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/lib/helpers/executeDynamic.jsView on unpkgFindings
2 Critical1 High3 Medium4 Low
CriticalCritical Secretsrc/cli/examples.js
CriticalSecret Patternsrc/cli/examples.js
HighPrevious Version Dangerous Deltasrc/lib/helpers/executeDynamic.js
MediumDynamic Requiresrc/shared/logger.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings