registry  /  @itsraeyy/agentsight-client  /  1.0.1

@itsraeyy/agentsight-client@1.0.1

Visual feedback bridge for AI coding agents

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs the `agentsight` CLI.
Impact
Adds a package-controlled MCP capability to Cursor or Windsurf and edits application source.
Mechanism
Explicit project injection, MCP registration, and self-install command execution.
Rationale
The package is not malicious by the blocking threshold because no lifecycle-triggered or covert exfiltration/destructive behavior is present. Its explicit CLI nevertheless creates an IDE MCP entry that delegates execution to another package, so it warrants a warning.
Evidence
package.jsonbin/init.jsproject/app/layout.tsxproject/app/layout.jsxproject/src/app/layout.tsxproject/src/app/layout.jsxproject/src/App.tsxproject/src/App.jsxproject/src/main.tsxproject/src/main.jsxproject/.cursor/mcp.jsonproject/.windsurf/mcp.jsonproject/package.json

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/init.js` runs immediately when the explicit `agentsight` CLI is invoked.
  • The CLI creates or modifies `project/.cursor/mcp.json` and `project/.windsurf/mcp.json`.
  • It registers `agentsight` to run `npx -y @itsraeyy/agentsight-mcp`, enabling a separate package.
  • It injects an AgentSight provider into detected Next.js/Vite source files and can run a package-manager install command.
Evidence against
  • `package.json` defines no preinstall, install, postinstall, or other lifecycle hook.
  • No network URL, credential harvesting, exfiltration, destructive deletion, eval, or remote code-loading primitive appears in the inspected files.
  • All project mutation occurs only after an explicit user invocation of the `agentsight` bin.
  • The MCP entry is package-aligned and idempotently avoids replacing an existing `agentsight` configuration.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 1 file(s), 9.09 KB of source

Source & flagged code

2 flagged · loading source
bin/init.jsView file
Published source reference
Medium
Ai Review Evidence

`bin/init.js` runs immediately when the explicit `agentsight` CLI is invoked.

bin/init.jsView on unpkg
project/.cursor/mcp.jsonView file
Published source reference
Medium
Ai Review Evidence

The CLI creates or modifies `project/.cursor/mcp.json` and `project/.windsurf/mcp.json`.

project/.cursor/mcp.jsonView on unpkg

Findings

5 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencebin/init.js
MediumAi Review Evidenceproject/.cursor/mcp.json
MediumAi Review Evidence
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License