registry  /  @happyvertical/sql  /  0.80.1

@happyvertical/sql@0.80.1

Database interface with support for SQLite, PostgreSQL, and DuckDB

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
Explicit invocation of `have-sql-context` or database/backup APIs
Impact
Local AI-agent configuration mutation only after an explicit command; database operations affect caller-selected resources.
Mechanism
User-invoked AI-agent context setup plus database backup/restore helpers
Rationale
This is an explicit user-command AI-agent configuration mutation, which warrants a warn verdict under the stated policy. No concrete malicious chain or install-time hijack is present.
Evidence
package.jsonAGENT.mdmetadata.jsondist/cli/claude-context.jsdist/chunks/postgres-cli-DzZcXSIG.jsdist/backup/index.jsdist/index.js

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli/claude-context.js` explicitly creates `./.claude` and copies package context files when `have-sql-context` is run.
Evidence against
  • `package.json` contains no `preinstall`, `install`, or `postinstall` hook.
  • The CLI only copies package-owned `AGENT.md` and `metadata.json` to fixed local filenames.
  • `AGENT.md` and `metadata.json` contain package documentation/metadata, not prompt injection.
  • No HTTP client, remote payload loader, credential harvesting, or exfiltration path was found in shipped JavaScript.
  • Database subprocess and filesystem operations are exposed through explicit backup/database APIs with safety guards.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsProtestware
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 258 KB of source

Source & flagged code

1 flagged · loading source
dist/cli/claude-context.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli/claude-context.js` explicitly creates `./.claude` and copies package context files when `have-sql-context` is run.

dist/cli/claude-context.jsView on unpkg

Findings

3 Medium3 Low
MediumEnvironment Vars
MediumProtestware
MediumAi Review Evidencedist/cli/claude-context.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings