registry  /  @jefuriiij/synthra  /  0.16.0

@jefuriiij/synthra@0.16.0

Local context engine for AI coding assistants — graph-based context, branch-aware memory, real-time human-activity awareness, deterministic Grep/Glob gating, and a live token dashboard.

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local AI context/MCP tool that modifies project Claude settings and runs localhost services as documented.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs bin command such as syn .
Impact
Project-local context files and Claude hook configuration are created or updated; no credential harvesting or exfiltration found.
Mechanism
documented local MCP server, dashboard, project graph files, and Claude hook installation
Rationale
Static inspection found high-privilege AI-agent integration behavior, but it is explicit, documented, user-invoked, and scoped to local project/MCP functionality. No install-time execution, credential collection, destructive behavior, persistence beyond configured project hooks, or remote exfiltration endpoint was found.
Evidence
package.jsonbin/syndist/cli/index.jsdist/server/index.jsREADME.md.synthra/.synthra-graph/.claude/settings.local.json.claude/hooks/synthra-*CLAUDE.md.gitignore.mcp.json~/.synthra/projects.json~/.synthra/last-seen-version.json
Network endpoints6
registry.npmjs.org/@jefuriiij%2Fsynthra/latest127.0.0.1:<port>/mcp127.0.0.1:<port>/gate127.0.0.1:<port>/prime127.0.0.1:<port>/route127.0.0.1:<port>/log

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli/index.js installs Claude Code hooks and edits .claude/settings.local.json when user runs syn .
  • dist/cli/index.js contacts https://registry.npmjs.org/@jefuriiij%2Fsynthra/latest for update checks unless SYN_NO_UPDATE_CHECK=1
  • dist/cli/index.js can spawn npm install -g @jefuriiij/synthra@latest only after interactive confirmation
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts
  • bin/syn only imports dist/cli/index.js and runs main on CLI invocation, not package import
  • Hook and MCP writes are documented in README.md and tied to explicit syn . setup/remove flows
  • Local servers bind to 127.0.0.1 and hooks call local /gate, /prime, /route, /log endpoints
  • Secrets in MCP configs are intentionally redacted in dashboard arsenal scanning
  • Trojan-source hint is a BOM-tolerant regex in parseFrontmatter, not hidden control-flow code
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 758 KB of source, external domains: 127.0.0.1, github.com, registry.npmjs.org, www.w3.org

Source & flagged code

2 flagged · loading source
dist/server/index.jsView file
3036contains invisible/control Unicode U+FEFF (zero width no-break space) const m = md.match(/^<U+FEFF>?\s*---\r?\n([\s\S]*?)\r?\n---/);
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/server/index.jsView on unpkg · L3036
64}; L65: var activeLevel = process.env.SYN_LOG_LEVEL ?? "info"; L66: function shouldLog(level) { ... L70: if (!shouldLog(level)) return; L71: const stream = level === "error" || level === "warn" ? process.stderr : process.stdout; L72: stream.write(`[syn] ${msg}${args.length ? " " + args.map(String).join(" ") : ""} L73: `); ... L165: // src/activity/git-watcher.ts L166: import { execFile } from "child_process"; L167: import { watch } from "fs"; ... L1553: const raw = await readFile4(path, "utf8"); L1554: const parsed = JSON.parse(raw);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server/index.jsView on unpkg · L64

Findings

1 Critical3 Medium5 Low
CriticalTrojan Source Unicodedist/server/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings