registry  /  @hechura/noreaster-cli  /  0.2.1

@hechura/noreaster-cli@0.2.1

CLI for Hechura Noreaster agent API access

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `noreaster skill install` or another CLI subcommand with `HECHURA_AGENT_TOKEN` configured.
Impact
Writes a package-supplied instruction file into AI-agent skill locations; invoked commands may administer remote Noreaster resources within the supplied token's scope.
Mechanism
Explicit agent-skill installation and bearer-authenticated API client.
Rationale
Source inspection found no covert execution, credential harvesting, or unconsented lifecycle mutation. The explicit AI-agent configuration write and privileged administrative capability remain material security-relevant behavior.
Evidence
package.jsondist/index.jsdist/http.jsdist/commands/skill.jsdist/commands/admin.jsskills/hechura-manager-noreaster/SKILL.md~/.claude/skills/hechura-manager-noreaster/SKILL.md~/.cursor/skills/hechura-manager-noreaster/SKILL.md
Network endpoints1
noreaster.vercel.app

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/commands/skill.js` exposes explicit `skill install` that copies a packaged prompt skill into Claude and Cursor user skill directories.
  • `dist/commands/admin.js` provides authenticated admin-agent and token lifecycle commands, including create/delete agents and issue/revoke tokens.
  • `dist/http.js` sends the configured bearer token to its API endpoint for invoked CLI commands.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hooks.
  • `dist/index.js` only registers Commander commands; it has no install-time mutation or automatic network request.
  • `dist/http.js` uses a single configured/default API host and does not harvest files or enumerate environment variables beyond its required token.
  • No child-process execution, eval/vm use, dynamic code loading, persistence, or covert exfiltration was found in `dist`.
  • The agent-skill write occurs only after the user explicitly runs `noreaster skill install`.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 19 file(s), 50.8 KB of source, external domains: noreaster.vercel.app

Source & flagged code

3 flagged · loading source
dist/commands/skill.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/commands/skill.js` exposes explicit `skill install` that copies a packaged prompt skill into Claude and Cursor user skill directories.

dist/commands/skill.jsView on unpkg
dist/commands/admin.jsView file
Published source reference
Medium
Suspicious Lifecycle Evidence

`dist/commands/admin.js` provides authenticated admin-agent and token lifecycle commands, including create/delete agents and issue/revoke tokens.

dist/commands/admin.jsView on unpkg
dist/http.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/http.js` sends the configured bearer token to its API endpoint for invoked CLI commands.

dist/http.jsView on unpkg

Findings

5 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/commands/skill.js
MediumSuspicious Lifecycle Evidencedist/commands/admin.js
MediumAi Review Evidencedist/http.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License