registry  /  @jefuriiij/synthra  /  0.14.0

@jefuriiij/synthra@0.14.0

Local context engine for AI coding assistants — graph-based context, branch-aware memory, real-time human-activity awareness, deterministic Grep/Glob gating, and a live token dashboard.

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an AI coding assistant context tool that, when explicitly run, installs local Claude hooks, starts localhost services, and records project context/logs.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs syn . or related CLI commands
Impact
Local project files and Claude settings may be modified as documented; no unconsented install-time execution or external exfiltration confirmed.
Mechanism
user-invoked local context server and Claude Code hook integration
Rationale
Static inspection shows powerful AI-agent integration, but it is activated by documented CLI commands and uses localhost endpoints plus explicit Claude hook/MCP registration. No lifecycle execution, hidden payload, credential theft, destructive behavior, or external exfiltration was confirmed.
Evidence
package.jsonbin/syndist/cli/index.jsdist/server/index.jsREADME.md.claude/settings.local.json.claude/hooks/synthra-prime.{ps1,sh}.claude/hooks/synthra-pre-tool-use.{ps1,sh}.claude/hooks/synthra-pre-compact.{ps1,sh}.claude/hooks/synthra-stop.{ps1,sh}.synthra-graph/CLAUDE.md.gitignore.mcp.json~/.synthra/last-seen-version.json
Network endpoints6
127.0.0.1:<port>/prime127.0.0.1:<port>/gate127.0.0.1:<port>/log127.0.0.1:<port>/context-update127.0.0.1:<port>/mcpregistry.npmjs.org/@jefuriiij%2Fsynthra/latest

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli/index.js writes Claude Code hooks/settings and CLAUDE.md policy during user-invoked syn .
  • dist/cli/index.js can fetch https://registry.npmjs.org/@jefuriiij%2Fsynthra/latest and optionally spawn npm install -g after TTY confirmation
  • dist/cli/index.js registers a localhost MCP server with claude mcp add --scope project
Evidence against
  • package.json has no install/preinstall/postinstall/prepare lifecycle hooks
  • bin/syn only imports dist/cli/index.js and runs main on CLI invocation
  • Hook scripts call only 127.0.0.1:$PORT Synthra endpoints for prime/gate/log/context-update
  • Self-update path prompts in TTY and only logs instructions in non-TTY; SYN_NO_UPDATE_CHECK disables fetch
  • Unicode scanner hit is a leading BOM-tolerant regex in parseFrontmatter, not bidi control-flow obfuscation
  • No credential harvesting or external exfiltration found in inspected entrypoints
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 723 KB of source, external domains: 127.0.0.1, github.com, registry.npmjs.org, www.w3.org

Source & flagged code

2 flagged · loading source
dist/server/index.jsView file
64}; L65: var activeLevel = process.env.SYN_LOG_LEVEL ?? "info"; L66: function shouldLog(level) { ... L70: if (!shouldLog(level)) return; L71: const stream = level === "error" || level === "warn" ? process.stderr : process.stdout; L72: stream.write(`[syn] ${msg}${args.length ? " " + args.map(String).join(" ") : ""} L73: `); ... L165: // src/activity/git-watcher.ts L166: import { execFile } from "child_process"; L167: import { watch } from "fs"; ... L1553: const raw = await readFile4(path, "utf8"); L1554: const parsed = JSON.parse(raw);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server/index.jsView on unpkg · L64
dist/cli/index.jsView file
196contains invisible/control Unicode U+FEFF (zero width no-break space) const m = md.match(/^<U+FEFF>?\s*---\r?\n([\s\S]*?)\r?\n---/);
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/cli/index.jsView on unpkg · L196

Findings

1 Critical3 Medium5 Low
CriticalTrojan Source Unicodedist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings