registry  /  @glubean/cli  /  0.10.4

@glubean/cli@0.10.4

The Glubean command-line tool. Run tests, sync results to Cloud, scaffold projects, manage environments.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `glubean config mcp` without `--remove`.
Impact
Can add a Glubean MCP server to user-level AI-tool configuration through a user-requested command.
Mechanism
Explicit AI-tool MCP extension installation via `npx add-mcp`.
Rationale
Source inspection supports a warning for explicit user-command AI-agent extension setup, not a malicious block. Static hints about dynamic require, child processes, network, and dependency installation correspond to package-local version loading, CLI workflows, update checks, and explicit commands.
Evidence
package.jsonbin/gb.jsdist/main.jsdist/commands/config_mcp.jsdist/commands/init.jsdist/commands/upgrade.jsdist/update_check.js~/.glubean/update-check.json~/.codex/config.toml.cursor/mcp.json~/.codeium/windsurf/mcp_config.json
Network endpoints1
registry.npmjs.org/@glubean/cli/latest

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/commands/config_mcp.js` explicitly runs `npx add-mcp` with `@glubean/mcp@latest`.
  • `config mcp --remove` can edit `~/.codex/config.toml`, `.cursor/mcp.json`, and Windsurf MCP config.
  • `dist/commands/upgrade.js` runs a global npm install, but only through the explicit `glubean upgrade` command.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • `bin/gb.js` only imports the CLI entrypoint; risky actions are registered as user-invoked commands.
  • `dist/main.js` invokes MCP configuration only from `glubean config mcp`; `init` merely prints MCP setup guidance.
  • `dist/update_check.js` contacts only `registry.npmjs.org` for a version check and caches it under `~/.glubean`.
  • Dynamic imports in reviewed files resolve package-local modules or declared package dependencies; no remote payload loader was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 41 file(s), 592 KB of source, external domains: api.example.com, api.glubean.com, dummyjson.com, github.com, glubean.com, platform.glubean.com, registry.npmjs.org

Source & flagged code

7 flagged · loading source
dist/commands/init.jsView file
871patternName = generic_password severity = medium line = 871 matchedText = body: { ..." },
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/commands/init.jsView on unpkg · L871
876patternName = generic_password severity = medium line = 876 matchedText = body: { ..." },
Medium
Secret Pattern

Hardcoded password in dist/commands/init.js

dist/commands/init.jsView on unpkg · L876
dist/lib/git.jsView file
3*/ L4: import { execFile } from "node:child_process"; L5: import { resolve, relative } from "node:path";
High
Child Process

Package source references child process execution.

dist/lib/git.jsView on unpkg · L3
dist/version.jsView file
4const __dirname = dirname(fileURLToPath(import.meta.url)); L5: const require = createRequire(import.meta.url); L6: const pkg = require(resolve(__dirname, "../package.json"));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/version.jsView on unpkg · L4
dist/commands/config_mcp.jsView file
34package = @glubean/cli; repositoryIdentity = glubean; dependency = @inquirer/prompts L34: async function promptTarget() { L35: const { select } = await import("@inquirer/prompts"); L36: return await select({
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/commands/config_mcp.jsView on unpkg · L34
dist/commands/upgrade.jsView file
43try { L44: execSync("npm install -g glubean@latest", { stdio: "inherit" }); L45: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/upgrade.jsView on unpkg · L43
dist/commands/load.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @glubean/cli@0.9.5 matchedIdentity = npm:QGdsdWJlYW4vY2xp:0.9.5 similarity = 0.769 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/load.jsView on unpkg

Findings

1 Critical4 High6 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/commands/load.js
HighChild Processdist/lib/git.js
HighShell
HighCopied Package Dependency Bridgedist/commands/config_mcp.js
HighRuntime Package Installdist/commands/upgrade.js
MediumSecret Patterndist/commands/init.js
MediumDynamic Requiredist/version.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/commands/init.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License