registry  /  @kal-elsam/harness  /  0.4.0

@kal-elsam/harness@0.4.0

Installable AI governance harness for Codex, Cursor, Claude, Gemini, Copilot, Engram, and Graphify.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit AI-agent governance/config installer. It mutates local agent config surfaces only when the user invokes the CLI, not during npm install, and inspection found no exfiltration or remote code execution path.

Static reason
No blocking static signals were detected.
Trigger
User runs `harness install` or invokes the bin with no command; workspace scaffolding requires `--scope=workspace` or `init`.
Impact
Local AI agent behavior may be influenced by installed managed governance text, but no concrete malicious behavior was found.
Mechanism
explicit user-command AI agent config setup with managed sections and templates
Rationale
Static source inspection shows an explicit AI governance harness that modifies AI-agent control surfaces by user command, which is a lifecycle/control-surface risk but not malicious. Because there is no install-time hook or concrete attack behavior, warn rather than block.
Evidence
package.jsonbin/harness.jssrc/cli.jssrc/global/global-installer.jssrc/global/managed-config-adapter.jssrc/global/paths.jssrc/template-installer.jsrepo-template/setup-agent-links.sh~/.harness/state.json~/.harness/components/~/.harness/backups/~/.codex/AGENTS.md~/.cursor/AGENTS.md~/.claude/CLAUDE.md~/.config/opencode/AGENTS.md.harness/manifest.json.codex/.cursor/CLAUDE.mdGEMINI.md

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • Default CLI command is install; user running bin/harness.js with no args dispatches to agent-global install in src/cli.js.
  • Agent-global install writes managed sections into AI agent config files such as ~/.codex/AGENTS.md, ~/.cursor/AGENTS.md, ~/.claude/CLAUDE.md, and ~/.config/opencode/AGENTS.md.
  • Global install stores managed assets/state under ~/.harness and backs up existing configs before changes.
  • Workspace install can scaffold agent governance files and symlinks into the current repo, including .codex, .cursor, CLAUDE.md, GEMINI.md, and .harness/manifest.json.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • No fetch/http client, curl/wget, or network execution paths found in source; package URLs are metadata/readme only.
  • No credential harvesting, env dumping, eval/vm/Function, native binary loading, or remote payload retrieval found.
  • Config mutation is explicit CLI behavior documented in README and bounded by managed markers/backups.
  • Uninstall removes only managed sections and package state, preserving backups.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 37 file(s), 83.1 KB of source

Source & flagged code

1 flagged · loading source
repo-template/setup-agent-links.shView file
path = repo-template/setup-agent-links.sh kind = build_helper sizeBytes = 1221 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

repo-template/setup-agent-links.shView on unpkg

Findings

2 Medium4 Low
MediumEnvironment Vars
MediumShips Build Helperrepo-template/setup-agent-links.sh
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License