AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a dotenv management CLI/library with user-invoked env loading, encryption/decryption, Armor sync, extension execution, and optional precommit hook setup.
Static reason
One or more suspicious static signals were detected.
Trigger
User imports/calls the library or runs dotenvx CLI commands.
Impact
May read/write .env, .env.keys, local dotenvx config/device stores, and .git/hooks/pre-commit when requested; no unconsented install-time or stealth behavior found.
Mechanism
dotenv parsing/encryption plus optional Armor API and local command/hook workflows
Rationale
Static inspection shows suspicious primitives are package-aligned and user-invoked: dotenv/env secret handling, optional Armor network sync, explicit command execution, and opt-in git hook installation. With no lifecycle hooks or concrete unconsented exfiltration/persistence chain, this should be marked clean.
Evidence
package.jsonsrc/cli/dotenvx.jssrc/lib/main.jssrc/db/session.jssrc/db/device.jssrc/lib/helpers/executeDynamic.jssrc/lib/helpers/executeExtension.jssrc/lib/helpers/installPrecommitHook.jssrc/lib/api/postArmorPush.jssrc/cli/examples.js.env.env.keys.git/hooks/pre-commitdotenvx config .env.device-key
Network endpoints4
armor.dotenvx.comdotenvx.sh/VERSIONdotenvx.comgithub.com/dotenvx/dotenvx
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- src/lib/main.js reads process.env, parses .env data, decrypts DOTENV_PRIVATE_KEY-protected values, and can write .env/.env.keys via set().
- src/lib/api/postArmorPush.js and postArmorUp.js can POST private keys to an Armor host when Armor workflows are enabled.
- src/lib/helpers/executeDynamic.js and executeExtension.js spawn dotenvx-* extension binaries from PATH for user-supplied CLI subcommands.
- src/lib/helpers/installPrecommitHook.js can write .git/hooks/pre-commit, but only via explicit dotenvx precommit --install.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts; no install-time execution found.
- src/cli/dotenvx.js exposes user-invoked commander actions; sensitive flows require CLI/API invocation and options/session state.
- Default network hosts are package-aligned: https://armor.dotenvx.com and https://dotenvx.sh/VERSION for Armor/update features.
- src/cli/examples.js secret-looking text is documentation example content, not an active credential.
- No credential harvesting, stealth persistence, destructive behavior, dependency confusion, or AI-agent control-surface mutation found.
- Child process use supports dotenvx run, git checks, keychain/native commands, and explicit extension commands.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcesrc/cli/examples.jsView file
86patternName = private_key_openssh
severity = critical
line = 86
matchedText = $ dotenv...----
Critical
Critical Secret
Package contains a critical-looking secret pattern.
src/cli/examples.jsView on unpkg · L8686patternName = private_key_openssh
severity = critical
line = 86
matchedText = $ dotenv...----
Critical
src/shared/logger.jsView file
1const packageJson = require('../lib/helpers/packageJson')
L2: const Errors = require('../lib/helpers/errors')
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/shared/logger.jsView on unpkg · L1Findings
2 Critical3 Medium4 Low
CriticalCritical Secretsrc/cli/examples.js
CriticalSecret Patternsrc/cli/examples.js
MediumDynamic Requiresrc/shared/logger.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings