registry  /  @h1veframework/cli  /  0.5.0

@h1veframework/cli@0.5.0

CLI `nf` do H1VE Flow: opera o fluxo da feature (status/move/blocker/spec/done/health/start) da própria branch, via PAT.

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The risky primitives are documented CLI features for H1VE workflow, local env management, OAuth-style login, and deployment secret application.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs nf commands such as login, connect, serve, start, done, status, or move.
Impact
Can modify local .env.local, ~/.config/h1ve/credentials.json, git branches, H1VE records, and user-selected deploy provider env vars when explicitly invoked.
Mechanism
Documented CLI network API calls, local credential/env writes, git commands, and loopback paired agent.
Rationale
Static source inspection shows potentially powerful capabilities, but they are user-invoked, documented, scoped to H1VE/deploy workflows, and protected by loopback/origin/pairing checks where a local agent is used. There is no install-time/import-time execution, hidden harvesting, or unsolicited exfiltration path.
Evidence
package.jsonREADME.mddist/index.js~/.config/h1ve/credentials.json.env.local
Network endpoints7
app.h1ve.orgapi.vercel.comapi.netlify.comapi.fly.io/graphqlbackboard.railway.com/graphql/v2api.render.com127.0.0.1

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js exposes user-invoked nf serve that can write/remove local env vars and deploy provider env vars after pairing token auth.
  • dist/index.js sends provided deploy tokens to provider APIs in Authorization headers for Vercel/Netlify/Fly/Railway/Render operations.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts; bin is nf -> dist/index.js.
  • README.md documents login, local credential storage, connect .env.local writes, and nf serve local agent behavior.
  • dist/index.js binds serve/login callback servers to 127.0.0.1 and checks Host loopback, Origin, and x-pairing-token.
  • dist/index.js only uses child_process for git branch/remote operations and opening the login URL browser.
  • Credential/env writes are user-invoked and scoped to ~/.config/h1ve/credentials.json or gitignored .env.local.
  • No obfuscation, dynamic eval, dependency loading, persistence, or unsolicited exfiltration found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 1 file(s), 51.2 KB of source, external domains: 127.0.0.1, api.fly.io, api.netlify.com, api.render.com, api.vercel.com, app.h1ve.org, backboard.railway.com

Source & flagged code

2 flagged · loading source
dist/index.jsView file
7// ../core/src/branch.ts L8: import { execFile } from "child_process"; L9: import { promisify } from "util";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L7
1107}); L1108: process.stdout.write( L1109: `Agente H1VE ouvindo em http://127.0.0.1:${port} L1110: Origem permitida: ${origin} ... L1122: import { randomBytes as randomBytes2 } from "crypto"; L1123: import { execFile as execFile2 } from "child_process"; L1124: var LOGIN_TIMEOUT_MS = 3 * 60 * 1e3;
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L1107

Findings

3 High3 Medium4 Low
HighChild Processdist/index.js
HighShell
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings