AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an explicit CLI that installs bundled AI governance templates and compatibility pointers into a user-selected project directory.
Static reason
No blocking static signals were detected.
Trigger
User runs `sgs-harness init` or bundled helper scripts manually; no npm lifecycle trigger exists.
Impact
Creates or updates project-local harness documentation, agent adapter files, scripts, CI templates, and symlinks when invoked by the user.
Mechanism
Template copier and compatibility symlink/pointer generator
Rationale
The AI-agent control-surface writes are package-aligned, project-local, and activated by explicit user CLI/helper use rather than unconsented npm install hooks. Static inspection found no credential access, exfiltration, remote code execution, stealth persistence, destructive behavior, or prompt injection aimed at the reviewer.
Evidence
package.jsonbin/sgs-harness.jssrc/cli.jssrc/template-installer.jssrc/project-detection.jssrc/text-template.jsrepo-template/setup-agent-links.shrepo-template/scripts/harness/backup.mjsrepo-template/scripts/harness/doctor.mjsrepo-template/scripts/harness/run-evals.mjsrepo-template/.github/workflows/harness-quality-gate.ymlrepo-template/.github/workflows/harness-security-gate.ymlAGENTS.mdCLAUDE.mdGEMINI.mdAGENT.mddocs/ai/*docs/skills/*.cursor/*.codex/*.claude/*.opencode/*.github/*.agent/AGENTS.md.windsurfrules.gentle-ai/*.pi/*scripts/harness/*
Network endpoints4
github.com/Kal-elSam/harness#readmegit+https://github.com/Kal-elSam/harness.gitgithub.com/Kal-elSam/harness/issuesopencode.ai/config.json
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- User-invoked `init` writes AI-agent governance/adaptor files into the target repo.
- `repo-template/setup-agent-links.sh` can create symlinks/pointers for CLAUDE.md, GEMINI.md, .agent, .claude, .github, .codex, and .gentle-ai.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- `bin/sgs-harness.js` only dispatches CLI args to `src/cli.js`; no import-time side effects beyond command execution.
- `src/template-installer.js` copies bundled templates to `--cwd`/process cwd only after explicit `init`; existing files are skipped unless `--force`.
- No fetch/http client, child_process, eval/vm/Function, credential harvesting, or exfiltration code found in `src`, `bin`, scripts, or templates.
- `doctor` only checks for expected harness files and reports status.
- Bundled scripts validate/copy local harness files and CI templates; no remote payload or persistence mechanism found.
Behavioral surface
Filesystem
NoLicense
Source & flagged code
1 flagged · loading sourcerepo-template/setup-agent-links.shView file
•path = repo-template/setup-agent-links.sh
kind = build_helper
sizeBytes = 1221
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
repo-template/setup-agent-links.shView on unpkgFindings
1 Medium3 Low
MediumShips Build Helperrepo-template/setup-agent-links.sh
LowScripts Present
LowFilesystem
LowNo License