AI Security Review
scanned 3h ago · by lpm-firewall-aiNo install-time execution or AI-agent control-surface mutation is present. The user-invoked scaffold command trusts a remote registry whose post-setup command strings can reach `execSync` after a confirmation prompt.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `elv init` and confirms post-setup execution.
Impact
A compromised or attacker-selected template registry could run arbitrary commands in the new project directory if the user approves.
Mechanism
Remote-registry-controlled shell command execution after explicit confirmation.
Rationale
Source inspection found an explicit but remotely configurable post-setup execution path. It is a risky scaffolding capability rather than concrete stealthy or unconsented malicious behavior.
Evidence
package.jsondist/index.mjsdist/chunks/init.mjsdist/chunks/token.mjsdist/chunks/update.mjsdist/shared/cli.VYvD3UfZ.mjs.elv-temp.elvrc.json~/.elv/credentials.jsonpackages/<template-package>
Network endpoints1
api.github.com
Decision evidence
public snapshotAI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/chunks/init.mjs` fetches a remote template registry before selecting a template.
- `dist/chunks/init.mjs` passes remote `template.postSetup` strings to `execSync`.
- The remote registry can be selected through `--source`; the default is `github:Elvine-SK/hrm-mono-app`.
- `dist/chunks/update.mjs` can write upstream file content into the selected project after interactive acceptance.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- Entrypoint only loads subcommands after the user invokes `elv`.
- Post-setup shell commands require an explicit `Run post-setup commands now?` confirmation.
- GitHub token storage is opt-in and limited to `~/.elv/credentials.json` with restrictive chmod attempted.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/chunks/init.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @elvine-sk/cli@0.1.1
matchedIdentity = npm:QGVsdmluZS1zay9jbGk:0.1.1
similarity = 0.364
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunks/init.mjsView on unpkgFindings
1 High1 Medium4 Low
HighPrevious Version Dangerous Deltadist/chunks/init.mjs
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License