registry  /  @jefuriiij/synthra  /  0.16.1

@jefuriiij/synthra@0.16.1

Local context engine for AI coding assistants — graph-based context, branch-aware memory, real-time human-activity awareness, deterministic Grep/Glob gating, and a live token dashboard.

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local AI context/MCP tool that modifies Claude project configuration as its documented core function.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `syn .`, `syn scan`, `syn serve`, `syn dashboard`, or `syn remove`.
Impact
Creates local project state and Claude hook/MCP configuration; no unauthorized install-time behavior or data exfiltration confirmed.
Mechanism
documented local MCP server, file scanner, Claude hook installer, and dashboard
Rationale
Static inspection found powerful but disclosed, user-invoked Claude/MCP integration behavior and no install-time execution, secret theft, exfiltration, destructive action, or hidden payload. Scanner findings are explained by package-aligned local hooks, localhost servers, environment configuration, and a registry update check.
Evidence
package.jsonbin/synREADME.mddist/cli/index.jsdist/server/index.jsCLAUDE.md.claude/settings.local.json.claude/hooks/synthra-prime.ps1.claude/hooks/synthra-prime.sh.claude/hooks/synthra-pre-tool-use.ps1.claude/hooks/synthra-pre-tool-use.sh.claude/hooks/synthra-pre-compact.ps1.claude/hooks/synthra-pre-compact.sh.claude/hooks/synthra-stop.ps1.claude/hooks/synthra-stop.sh.claude/hooks/synthra-route.ps1.claude/hooks/synthra-route.sh.mcp.json.gitignore.synthra/CONTEXT.md.synthra/context-store.json
Network endpoints6
registry.npmjs.org/%40jefuriiij%2Fsynthra/latest127.0.0.1:<port>/mcp127.0.0.1:<port>/prime127.0.0.1:<port>/gate127.0.0.1:<port>/route127.0.0.1:<port>/log

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli/index.js default `syn .` installs Claude hooks and registers an MCP server.
  • dist/server/index.js writes a Synthra-managed policy block into project CLAUDE.md.
  • dist/cli/index.js performs an update check against npm registry when SYN_NO_UPDATE_CHECK is not set.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • bin/syn only imports dist/cli/index.js and calls main on explicit CLI execution.
  • Hook and MCP writes are disclosed in README.md and scoped to .claude, .mcp.json, CLAUDE.md, .synthra, and .synthra-graph.
  • Network service binds to 127.0.0.1 and hook scripts call local /prime, /gate, /route, /log endpoints.
  • No credential harvesting, destructive payload, persistence outside documented project state, or exfiltration found.
  • Trojan-source hint appears noisy; targeted control-character search found no bidi/invisible marker matches in package entry files.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 766 KB of source, external domains: 127.0.0.1, github.com, registry.npmjs.org, www.w3.org

Source & flagged code

2 flagged · loading source
dist/server/index.jsView file
3036contains invisible/control Unicode U+FEFF (zero width no-break space) const m = md.match(/^<U+FEFF>?\s*---\r?\n([\s\S]*?)\r?\n---/);
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/server/index.jsView on unpkg · L3036
64}; L65: var activeLevel = process.env.SYN_LOG_LEVEL ?? "info"; L66: function shouldLog(level) { ... L70: if (!shouldLog(level)) return; L71: const stream = level === "error" || level === "warn" ? process.stderr : process.stdout; L72: stream.write(`[syn] ${msg}${args.length ? " " + args.map(String).join(" ") : ""} L73: `); ... L165: // src/activity/git-watcher.ts L166: import { execFile } from "child_process"; L167: import { watch } from "fs"; ... L1553: const raw = await readFile4(path, "utf8"); L1554: const parsed = JSON.parse(raw);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/server/index.jsView on unpkg · L64

Findings

1 Critical3 Medium5 Low
CriticalTrojan Source Unicodedist/server/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings