registry  /  @griddo/cx  /  11.16.0-rc.1

@griddo/cx@11.16.0-rc.1

Griddo SSG based on Gatsby

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an SSG/render CLI that reads project render artifacts and talks to configured Griddo API endpoints during user-invoked render commands.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `griddo-render` commands or package scripts such as render/upload-search-content.
Impact
Expected rendering, cache/export directory updates, and Griddo API synchronization; no confirmed unconsented exfiltration or persistence.
Mechanism
Fixed CLI orchestration, local file operations, and env-configured API calls.
Rationale
Source inspection shows risky-looking primitives are package-aligned: bundled/minified command files come from local TypeScript sources, network calls use configured Griddo API endpoints, and child processes execute fixed render/build commands. I found no concrete malicious behavior such as install-time harvesting, hidden exfiltration, persistence, destructive unrelated actions, or AI-agent control-surface mutation.
Evidence
package.jsoncli.mjsexporter/build.shgatsby-config.tsexporter/shared/endpoints.tsexporter/services/auth.tsexporter/services/api.tsexporter/commands/prepare-assets-directory.tsexporter/commands/upload-search-content.tsexporter/commands/prepare-domains-render.ts.griddo/cache/db.jsonexports/sitesexports-backup/sitesapiCachebuild/commands/*
Network endpoints4
${GRIDDO_API_URL}/login_check${GRIDDO_API_URL}/search${GRIDDO_API_URL}/ai/embeddings${GRIDDO_PUBLIC_API_URL}/alert

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json has prepare script `yarn run build`, but it only invokes local esbuild/tsgo via exporter/build.sh.
  • cli.mjs exposes user-invoked `griddo-render` bin and runs fixed scripts from build/commands with node.
  • exporter/services/auth.ts posts GRIDDO_BOT_USER/PASSWORD to LOGIN derived from GRIDDO_API_URL.
  • exporter/commands/upload-search-content.ts can read rendered HTML/page-data and post search content to SEARCH/AI_EMBEDDINGS when feature envs are enabled.
Evidence against
  • No install-time postinstall/preinstall code found; prepare is a build step, not credential/file harvesting logic.
  • Network destinations in exporter/shared/endpoints.ts are env-configured Griddo API URLs, aligned with SSG/render product behavior.
  • build/commands/prepare-assets-directory.js is bundled/minified with undici, but source exporter/commands/prepare-assets-directory.ts only renames assets directories.
  • No evidence of AI-agent control writes, persistence, arbitrary remote payload download, npm token/SSH harvesting, or hidden exfil endpoint.
  • Dynamic require/import in gatsby-config.ts and load-config.ts loads local user Griddo/Gatsby config as expected for an SSG tool.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 117 file(s), 5.01 MB of source, external domains: api.indexnow.org, fetch.spec.whatwg.org, github.com, griddo.io, jimmy.warting.se, mimesniff.spec.whatwg.org, webidl.spec.whatwg.org, www.googletagmanager.com, www.ietf.org, www.sitemaps.org, www.w3.org

Source & flagged code

3 flagged · loading source
gatsby-config.tsView file
22// Gatsby configuration file from client L23: const { plugins, ...gatsbyConfig } = require(resolveComponentsPath("builder.config.js")); L24:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

gatsby-config.tsView on unpkg · L22
build/commands/prepare-assets-directory.jsView file
126) L127: `)}close(){this.#t.close()}get(A){Lc(A);let t=this.#E(A);return t?{body:t.body?Buffer.from(t.body.buffer,t.body.byteOffset,t.body.byteLength):void 0,statusCode:t.statusCode,statusM... L128: ${n}`;break;case"retry":ty(n)&&(t[s]=n);break;case"id":ry(n)&&(t[s]=n);break;case"event":n.length>0&&(t[s]=n);break}}processEvent(A){A.retry&&ty(A.retry)&&(this.state.reconnectionT... ... L130: `);e.stack=t?`${t} L131: ${n}`:s.stack}p.exports.fetch=function(A,t=void 0){return MH(A,t).catch(r=>{throw Iy?uy(r,Iy):r&&typeof r=="object"&&Error.captureStackTrace(r,p.exports.fetch),r})};p.exports.Heade... L132: `);throw v.log(`
Critical
Builtin Api Tampering Exfiltration

Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.

build/commands/prepare-assets-directory.jsView on unpkg · L126
exporter/build.shView file
path = exporter/build.sh kind = build_helper sizeBytes = 1802 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

exporter/build.shView on unpkg

Findings

1 Critical1 High5 Medium6 Low
CriticalBuiltin Api Tampering Exfiltrationbuild/commands/prepare-assets-directory.js
HighObfuscated
MediumDynamic Requiregatsby-config.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperexporter/build.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License