registry  /  @happyvertical/github-actions  /  0.80.1

@happyvertical/github-actions@0.80.1

Reusable GitHub Actions utilities for issue triage, PR validation, and workflow automation

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `have-github-actions-context`.
Impact
Adds package-provided instructions and metadata to a local Claude control surface.
Mechanism
Explicit AI-agent context-file installation.
Rationale
This is not malicious because the mutation is explicit and package-owned, with no lifecycle execution or concrete harmful chain. It should be warned because it modifies an AI-agent control surface in the current project.
Evidence
package.jsondist/cli/claude-context.jsAGENT.mdmetadata.jsondist/cli.jsdist/src-CezXcNYi.js.claude/have-github-actions.md.claude/have-github-actions.meta.json

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli/claude-context.js` explicitly creates `.claude/` and copies package context files there.
  • The agent-context mutation is exposed as the user-invoked `have-github-actions-context` bin in `package.json`.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • The context installer only copies bundled `AGENT.md` and `metadata.json`; no remote fetch or shell execution appears there.
  • `AGENT.md` contains package build/test guidance, not credential-harvesting or control-bypass instructions.
  • Network calls in `dist/src-CezXcNYi.js` are explicit GitHub/AI triage operations using supplied environment credentials.
  • No `eval`, dynamic import, child-process execution, native loading, or destructive filesystem behavior was found.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 52.9 KB of source, external domains: api.anthropic.com, api.github.com, api.openai.com, models.inference.ai.azure.com

Source & flagged code

2 flagged · loading source
dist/cli/claude-context.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli/claude-context.js` explicitly creates `.claude/` and copies package context files there.

dist/cli/claude-context.jsView on unpkg
package.jsonView file
Published source reference
Medium
Ai Review Evidence

The agent-context mutation is exposed as the user-invoked `have-github-actions-context` bin in `package.json`.

package.jsonView on unpkg

Findings

4 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/cli/claude-context.js
MediumAi Review Evidencepackage.json
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings