registry  /  @harpua/langgraph  /  0.1.6

@harpua/langgraph@0.1.6

Idiomatic NestJS integration for LangGraph: nodes as providers, typed edge lists, checkpointers, streaming, interrupts, and OpenTelemetry tracing

AI Security Review

scanned 1h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs harpua-skills or opts a consuming project into a prepare script that runs it
Impact
Adds @harpua skill directories to .claude/skills and .agents/skills for agent discovery
Mechanism
agent skill symlink setup
Rationale
Source inspection shows a package-aligned NestJS/LangGraph library with a CLI for explicit first-party agent skill setup, not install-time foreign control-surface hijacking. Because it can write agent skill symlinks when invoked or opt-in scripted, downgrade to warn rather than block.
Evidence
package.jsondist/cli/harpua-skills.jsdist/checkpointer.jsdist/optional-require.jsREADME.mdskills/graph-operations/SKILL.md.claude/skills/<skill>.agents/skills/<skill>

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/cli/harpua-skills.js links discovered @harpua skills into .claude/skills and .agents/skills
  • README.md recommends wiring harpua-skills as a prepare script in the consuming project
Evidence against
  • package.json has no npm lifecycle scripts; bin is user-invoked unless consumer opts in
  • dist/cli/harpua-skills.js validates skill names as one safe path segment and does not clobber real files
  • dist/cli/harpua-skills.js only scans node_modules/@harpua/*/skills/*/SKILL.md and creates symlinks
  • dist/checkpointer.js dynamic require is optional peer loading for LangGraph checkpoint backends
  • No credential harvesting, shell execution, destructive behavior, or package network exfiltration found
Behavioral surface
Source
CryptoDynamicRequireFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 120 KB of source

Source & flagged code

1 flagged · loading source
dist/checkpointer.jsView file
10exports.buildCheckpointer = buildCheckpointer; L11: const common_1 = require("@nestjs/common"); L12: const langgraph_1 = require("@langchain/langgraph");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/checkpointer.jsView on unpkg · L10

Findings

1 Medium2 Low
MediumDynamic Requiredist/checkpointer.js
LowScripts Present
LowFilesystem