AI Security Review
scanned 15d ago · by lpm-firewall-aiThe only agent-control mutation is an explicit bin command that installs package-owned context into .claude. It is not triggered at npm install or import time, and no exfiltration or remote code loading was found.
Static reason
No blocking static signals were detected.
Trigger
User runs have-sql-context
Impact
Adds first-party SQL package context files for AI-agent use; no confirmed malicious behavior.
Mechanism
explicit CLI copies package context files into .claude
Rationale
Warn because the package includes an explicit CLI that mutates .claude agent context, but do not block because it is not install-time, broad/foreign, stealthy, or tied to exfiltration. The remaining shell/network/file primitives are consistent with a SQL/backup library and require caller invocation.
Evidence
package.jsondist/cli/claude-context.jsdist/index.jsdist/chunks/postgres-cli-Cr6bBZ3q.jsdist/backup/index.jsdist/chunks/index-CzdYvRFp.js.claude/have-sql.md.claude/have-sql.meta.jsonAGENT.mdmetadata.json
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
- dist/cli/claude-context.js bin creates .claude under process.cwd().
- dist/cli/claude-context.js copies AGENT.md and metadata.json to .claude/have-sql.* files.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Main export dist/index.js is database library exports only; no install-time execution.
- dist/chunks/postgres-cli-Cr6bBZ3q.js spawns pg_dump/pg_restore/createdb/dropdb only from exported user-invoked helpers.
- dist/backup/index.js writes backup manifests and shells out to git/pg tools in explicit backup APIs.
- No credential exfiltration or hardcoded remote payload endpoint found.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcedist/chunks/index-CzdYvRFp.jsView file
773const duckdbModule = "@duckdb/node-api";
L774: const { DuckDBInstance } = await import(
L775: /* @vite-ignore */
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/chunks/index-CzdYvRFp.jsView on unpkg · L773Findings
2 Medium3 Low
MediumDynamic Requiredist/chunks/index-CzdYvRFp.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings