AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are developer CLI features activated by explicit commands, not install-time or import-time behavior.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit smrt CLI command invocation
Impact
Creates or updates project files and may run configured package-manager/dev commands only for requested workflows
Mechanism
user-invoked project scaffolding, docs generation, template loading, and dev/test helpers
Rationale
Static inspection shows a broad developer CLI with dynamic imports, file writes, child processes, and network template downloads, but all are aligned with documented commands and require explicit user invocation. There is no lifecycle execution, hidden exfiltration, persistence, destructive install behavior, or unconsented AI-agent control-surface mutation.
Evidence
package.jsonbin/smrt.jsdist/index.jsdist/index-CZTaF6ei.jsAGENTS.mdCLAUDE.mdscripts/verify-package-types-exports.js.agents/smrt-framework.md.claude/smrt-framework.md.smrt/register.jssmrt.config.tssrc/lib/server/smrt.tssrc/lib/objects/index.tssrc/lib/objects/Example.ts.env.example.gitignore.gitattributesvite.config.tsvite.config.js
Network endpoints3
github.com/{user}/{repo}/archive/{ref}.tar.gzgitlab.com/{user}/{repo}/-/archive/{ref}/{repo}-{ref}.tar.gzbitbucket.org/{user}/{repo}/get/{ref}.tar.gz
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/index-CZTaF6ei.js imports child_process, https, fs write APIs and can spawn package managers for user-invoked generators/dev commands.
- dist/index-CZTaF6ei.js can download user-specified git templates from GitHub/GitLab/Bitbucket and import template.config files.
- docs:agents/docs:claude can write agent documentation files under .agents or .claude when explicitly run.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle scripts.
- bin/smrt.js only re-spawns node on dist/index.js or source fallback with forwarded CLI args.
- dist/index.js lazy-loads command bundle and imports project/.smrt modules only during CLI operations for SMRT object discovery.
- Network access is limited to user-requested template tarball downloads with HTTPS and trusted-host redirect checks.
- Secret-related code redacts DB URLs and config export filters secrets unless --include-secrets is explicitly supplied.
- AGENTS.md and CLAUDE.md contain package documentation, not reviewer/prompt manipulation.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcebin/smrt.jsView file
2L3: import { spawnSync } from 'node:child_process';
L4: import { existsSync } from 'node:fs';
High
dist/index-CZTaF6ei.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @happyvertical/smrt-cli@0.37.3
matchedIdentity = npm:QGhhcHB5dmVydGljYWwvc21ydC1jbGk:0.37.3
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/index-CZTaF6ei.jsView on unpkg4303try {
L4304: execSync(
L4305: `git config ${configScope} merge.smrt-json.name "SMRT JSON merge driver"`,
...
L4308: execSync(
L4309: `git config ${configScope} merge.smrt-json.driver "npx smrt merge-json %O %A %B"`,
L4310: { stdio: "inherit" }
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index-CZTaF6ei.jsView on unpkg · L4303124}
L125: const { getPackageConfig } = await import("@happyvertical/smrt-config");
L126: const { DEFAULT_CLI_CONFIG } = await import("./config-C8pQD-tk.js");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index-CZTaF6ei.jsView on unpkg · L124Findings
1 Critical3 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/index-CZTaF6ei.js
HighChild Processbin/smrt.js
HighShell
HighRuntime Package Installdist/index-CZTaF6ei.js
MediumDynamic Requiredist/index-CZTaF6ei.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings