registry  /  @fazer-ai/agents  /  1.2.0

@fazer-ai/agents@1.2.0

Bootstrap do onboarding do fazer.ai agents: prepara o seu agente de IA (Claude Code, Codex, Hermes) e entrega a jornada de onboarding.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. An explicitly invoked onboarding CLI installs or updates first-party AI-agent extensions and configures Hostinger MCP servers. It also persists onboarding preferences, markers, OAuth state, and optional registry credentials under `~/.fazer-ai`. No install-time execution or covert attack chain is established.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the `agents` CLI without `--dry-run` and selects an automated agent/provider.
Impact
Changes Codex, Claude, or Hermes agent setup and can install a Hostinger MCP dependency; this is a meaningful but user-invoked extension lifecycle surface.
Mechanism
Explicit agent extension setup, MCP configuration, OAuth hub calls, and local dependency installation.
Rationale
Not malicious: no install-time hook or concrete covert attack behavior was found. Warn because the explicit CLI performs first-party AI-agent extension lifecycle changes and installs a runtime MCP dependency from an unpinned `@latest` spec.
Evidence
package.jsondist/index.jsdist/mcp.jsdist/oauth.jsdist/agents/codex.jsdist/agents/claude.jsdist/agents/hermes-skills.js~/.fazer-ai/preferences.json~/.fazer-ai/onboarding.json~/.fazer-ai/oauth.json~/.fazer-ai/harbor.secret~/.fazer-ai/mcpHermes profile skills directoryCodex MCP configurationClaude plugin/MCP configuration
Network endpoints4
app.fazer.aigithub.com/fazer-ai/agents-skillsskills.sh/fazer-ai/agents-skillsharbor.fazer.ai

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/agents/codex.js` runs `codex mcp add` and plugin marketplace commands.
  • `dist/agents/claude.js` adds MCP servers and installs/updates an `agents` plugin.
  • `dist/agents/hermes-skills.js` replaces Hermes skill trees and lock entries.
  • `dist/mcp.js` installs `hostinger-api-mcp@latest` under `~/.fazer-ai/mcp`.
  • `dist/oauth.js` stores OAuth refresh-token cache with mode `0600`.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
  • `dist/index.js` gates mutations behind explicit real CLI invocation; `--dry-run` returns before execution.
  • `dist/mcp.js` does not inject the hub as an agent MCP and limits Hostinger MCP setup to a supplied token.
  • No source evidence of covert exfiltration, destructive actions, eval, or remote payload execution.
  • The bundled Python helpers are onboarding/deployment utilities, not import-time code.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 186 KB of source, external domains: 127.0.0.1, agents.example.com, app.fazer.ai, chatgpt.com, claude.ai, github.com, hermes-agent.nousresearch.com, hpanel.hostinger.com, lucasmoreira.ai, raw.githubusercontent.com, skills.sh, www.hostg.xyz

Source & flagged code

2 flagged · loading source
dist/skills/agents-operation/scripts/simulate-load.pyView file
path = dist/skills/agents-operation/scripts/simulate-load.py kind = build_helper sizeBytes = 12718 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/skills/agents-operation/scripts/simulate-load.pyView on unpkg
dist/agents/hermes.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @fazer-ai/agents@1.1.0 matchedIdentity = npm:QGZhemVyLWFpL2FnZW50cw:1.1.0 similarity = 0.875 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/agents/hermes.jsView on unpkg

Findings

1 High4 Medium5 Low
HighPrevious Version Dangerous Deltadist/agents/hermes.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/skills/agents-operation/scripts/simulate-load.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings