registry  /  @garyr/pt-cli  /  0.41.0

@garyr/pt-cli@0.41.0

Project Template CLI - Learn structures and initialize projects

AI Security Review

scanned 3h ago · by lpm-firewall-ai

A user-invoked template initialization can execute template-provided shell commands. A remote or imported template may also receive values read from nearby `.env` files and run its post-config tasks.

Static reason
No blocking static signals were detected.
Trigger
User or automation runs `pt init` on a template, especially with `--yes`; remote template ingestion requires confirmation or `--allow-untrusted`.
Impact
Arbitrary command execution in the chosen destination; malicious templates could misuse locally sourced variable values.
Mechanism
Template-controlled shell-script generation and `execSync` execution.
Rationale
Source inspection found no install-time behavior or concrete package-owned malicious payload. However, its explicit template workflow provides a real arbitrary-command execution path with limited safeguards and automatic local `.env` variable ingestion.
Evidence
package.jsonsrc/commands/initCommand.tssrc/remote.tssrc/safety.tssrc/postconfig.ts~/.pt/config.yaml~/.pt/security-audit.log<destination>/post_config.sh<destination>/post_config.bat<destination-and-up-to-five-parents>/.env
Network endpoints2
github.comgitea.lyonritchie.com

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/commands/initCommand.ts` generates and executes template-controlled `post_config.sh`/`.bat` via `execSync`.
  • `--yes` selects all post-config tasks and bypasses the interactive confirmation for warned commands.
  • `src/commands/initCommand.ts` reads `.env` files from up to five parent directories for template variables.
  • `src/remote.ts` downloads and extracts remote templates; untrusted sources can proceed after confirmation or `--allow-untrusted`.
  • `src/safety.ts` only blocks a limited command list; other shell commands remain executable after warning.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook; only `prepublishOnly` builds TypeScript.
  • Execution requires explicit `pt init` use with a supplied or previously learned template.
  • The package warns on dangerous commands, blocks selected destructive commands, applies timeouts, and logs execution.
  • No source evidence of package-owned credential exfiltration, stealth persistence, or AI-agent control-surface mutation.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 51 file(s), 456 KB of source, external domains: evil.com, example.com, gitea.example.com, github.com

Source & flagged code

2 flagged · loading source
dist/safety.jsView file
36'chmod -R', 'chown -R', 'chgrp -R', L37: // PowerShell (Windows) L38: 'powershell', 'pwsh', 'Invoke-Expression', 'IEX', ... L235: // Skip flags L236: if (arg.startsWith('-') || (process.platform === 'win32' && arg.startsWith('/'))) { L237: continue; ... L262: }); L263: return { success: true, stdout: output }; L264: } ... L283: template: templateName, L284: user: os.userInfo().username, L285: result,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/safety.jsView on unpkg · L36
tests/safety.test.tsView file
7// Force a temporary home directory for testing L8: const testHome = path.join(process.cwd(), '.test-home-safety'); L9: process.env.HOME = testHome; L10: ... L115: test('isDangerousCommand: warns on remote downloads', () => { L116: assert.strictEqual(isDangerousCommand('curl https://example.com'), true); L117: assert.strictEqual(isDangerousCommand('wget https://example.com/file'), true); ... L133: assert.strictEqual(isDangerousCommand('exec bash'), true); L134: assert.strictEqual(isDangerousCommand('source ~/.bashrc'), true); L135: }); ... L142: L143: test('isDangerousCommand: warns on PowerShell dangerous commands', () => {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

tests/safety.test.tsView on unpkg · L7

Findings

3 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencetests/safety.test.ts
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/safety.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings