AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked local AI context/MCP tool that modifies Claude project configuration as its documented core function.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `syn .`, `syn scan`, `syn serve`, `syn dashboard`, or `syn remove`.
Impact
Creates local project state and Claude hook/MCP configuration; no unauthorized install-time behavior or data exfiltration confirmed.
Mechanism
documented local MCP server, file scanner, Claude hook installer, and dashboard
Rationale
Static inspection found powerful but disclosed, user-invoked Claude/MCP integration behavior and no install-time execution, secret theft, exfiltration, destructive action, or hidden payload. Scanner findings are explained by package-aligned local hooks, localhost servers, environment configuration, and a registry update check.
Evidence
package.jsonbin/synREADME.mddist/cli/index.jsdist/server/index.jsCLAUDE.md.claude/settings.local.json.claude/hooks/synthra-prime.ps1.claude/hooks/synthra-prime.sh.claude/hooks/synthra-pre-tool-use.ps1.claude/hooks/synthra-pre-tool-use.sh.claude/hooks/synthra-pre-compact.ps1.claude/hooks/synthra-pre-compact.sh.claude/hooks/synthra-stop.ps1.claude/hooks/synthra-stop.sh.claude/hooks/synthra-route.ps1.claude/hooks/synthra-route.sh.mcp.json.gitignore.synthra/CONTEXT.md.synthra/context-store.json
Network endpoints6
registry.npmjs.org/%40jefuriiij%2Fsynthra/latest127.0.0.1:<port>/mcp127.0.0.1:<port>/prime127.0.0.1:<port>/gate127.0.0.1:<port>/route127.0.0.1:<port>/log
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/cli/index.js default `syn .` installs Claude hooks and registers an MCP server.
- dist/server/index.js writes a Synthra-managed policy block into project CLAUDE.md.
- dist/cli/index.js performs an update check against npm registry when SYN_NO_UPDATE_CHECK is not set.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks.
- bin/syn only imports dist/cli/index.js and calls main on explicit CLI execution.
- Hook and MCP writes are disclosed in README.md and scoped to .claude, .mcp.json, CLAUDE.md, .synthra, and .synthra-graph.
- Network service binds to 127.0.0.1 and hook scripts call local /prime, /gate, /route, /log endpoints.
- No credential harvesting, destructive payload, persistence outside documented project state, or exfiltration found.
- Trojan-source hint appears noisy; targeted control-character search found no bidi/invisible marker matches in package entry files.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/server/index.jsView file
3036contains invisible/control Unicode U+FEFF (zero width no-break space)
const m = md.match(/^<U+FEFF>?\s*---\r?\n([\s\S]*?)\r?\n---/);
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/server/index.jsView on unpkg · L303664};
L65: var activeLevel = process.env.SYN_LOG_LEVEL ?? "info";
L66: function shouldLog(level) {
...
L70: if (!shouldLog(level)) return;
L71: const stream = level === "error" || level === "warn" ? process.stderr : process.stdout;
L72: stream.write(`[syn] ${msg}${args.length ? " " + args.map(String).join(" ") : ""}
L73: `);
...
L165: // src/activity/git-watcher.ts
L166: import { execFile } from "child_process";
L167: import { watch } from "fs";
...
L1553: const raw = await readFile4(path, "utf8");
L1554: const parsed = JSON.parse(raw);
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/server/index.jsView on unpkg · L64Findings
1 Critical3 Medium5 Low
CriticalTrojan Source Unicodedist/server/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/server/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings