registry  /  @happyvertical/smrt-cli  /  0.39.13

@happyvertical/smrt-cli@0.39.13

Developer CLI for SMRT framework - introspection, testing, and project management

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `smrt docs:agents`, `smrt docs:claude`, or `smrt gnode create` with a template.
Impact
A user-selected template configuration can execute with the invoking user's Node permissions; documentation commands alter only named project-local agent paths.
Mechanism
Explicit project scaffolding, agent-context generation, and user-selected template loading.
Rationale
The package is not malicious by source evidence: it has no lifecycle execution or credential-exfiltration behavior. Downgrade to warn because explicit commands mutate an AI-agent-adjacent project control path and execute user-selected remote template configuration.
Evidence
package.jsonbin/smrt.jsdist/index.jsdist/commands-DOYdmiAx.js.agents/smrt-framework.md.claude/smrt-framework.md
Network endpoints4
github.comcodeload.github.comgitlab.combitbucket.org

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/commands-DOYdmiAx.js` implements `docs:agents` and `docs:claude`, explicitly writing `.agents/smrt-framework.md` or `.claude/smrt-framework.md`.
  • `dist/commands-DOYdmiAx.js` downloads a user-selected git template over HTTPS and dynamically imports its `template.config.js`/`.ts`, which executes template code during `smrt gnode create`.
  • `dist/commands-DOYdmiAx.js` runs validated base-generator commands only after the explicit `smrt gnode create` command.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • `bin/smrt.js` only launches the packaged CLI after a user invokes the `smrt` binary.
  • No `eval`, `Function`, VM, native-module loading, credential harvesting, or outbound exfiltration path was found.
  • Network access is limited to explicit git-template downloads with HTTPS-only trusted-host redirect checks.
  • Agent-context writes are explicit CLI commands with a dry-run option, not install-time mutation.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 387 KB of source, external domains: bitbucket.org, github.com, gitlab.com

Source & flagged code

5 flagged · loading source
bin/smrt.jsView file
2L3: import { spawnSync } from 'node:child_process'; L4: import { existsSync } from 'node:fs';
High
Child Process

Package source references child process execution.

bin/smrt.jsView on unpkg · L2
dist/commands-DOYdmiAx.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @happyvertical/smrt-cli@0.39.10 matchedIdentity = npm:QGhhcHB5dmVydGljYWwvc21ydC1jbGk:0.39.10 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands-DOYdmiAx.jsView on unpkg
4474* Security: Command and arguments are validated to prevent injection attacks. L4475: * shell: true is NOT used to avoid command injection vulnerabilities. L4476: */
High
Shell

Package source references shell execution.

dist/commands-DOYdmiAx.jsView on unpkg · L4474
3653execSync(`git config ${configScope} merge.smrt-json.name "SMRT JSON merge driver"`, { stdio: "inherit" }); L3654: execSync(`git config ${configScope} merge.smrt-json.driver "npx smrt merge-json %O %A %B"`, { stdio: "inherit" }); L3655: changes.push(`Git merge driver configured (${options.global ? "global" : "local"})`);
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands-DOYdmiAx.jsView on unpkg · L3653
122} L123: const { getPackageConfig } = await import("@happyvertical/smrt-config"); L124: const { DEFAULT_CLI_CONFIG } = await import("./config-BwrFRL8L.js");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/commands-DOYdmiAx.jsView on unpkg · L122

Findings

1 Critical3 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/commands-DOYdmiAx.js
HighChild Processbin/smrt.js
HighShelldist/commands-DOYdmiAx.js
HighRuntime Package Installdist/commands-DOYdmiAx.js
MediumDynamic Requiredist/commands-DOYdmiAx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings