registry  /  @lesto/cli  /  0.2.0

@lesto/cli@0.2.0

Lesto's `lesto` command-line tool — load a project's lesto.app.ts and run, serve, migrate, or inspect routes.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `lesto generate agents` or `lesto eval`.
Impact
`generate agents` can update `AGENTS.md` and `llms.txt` in the current project; `eval` may send evaluation inputs to Anthropic using the user-provided API key.
Mechanism
Explicit project scaffolding and optional Anthropic-backed evaluation.
Rationale
Source inspection found no lifecycle hook, install-time execution, stealth persistence, credential theft, or unconsented remote payload chain. The explicit agent-file generator is a real but user-invoked AI-agent capability, so warn rather than block.
Evidence
package.jsonbin/lesto.mjsdist/bin.jsdist/src-EEY4QS2T.jsAGENTS.mdllms.txtlesto.evals.tslesto.app.tsapp/routesapp/islands
Network endpoints1
api.anthropic.com/v1/messages

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lesto generate agents` writes project-root `AGENTS.md` and `llms.txt`.
  • Writes occur only after explicit `generate agents` command dispatch.
  • `eval` can use `ANTHROPIC_API_KEY` to call Anthropic's messages API.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • Launcher only selects and imports the packaged CLI or local development entry.
  • Agent generation supports `--check` and `--dry-run`; no stealth trigger found.
  • No credential harvesting, broad agent-config discovery, or unsolicited exfiltration found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 626 KB of source, external domains: 127.0.0.1, api.anthropic.com, auth.example.com, docs.anthropic.com, docs.expo.dev, github.com, issuer.example.com, json-schema.org, mcp.example.com, platform.claude.com, react.dev

Source & flagged code

2 flagged · loading source
dist/bin.jsView file
114deps.out(`eval: ${failures} of ${evals.length} failed`); L115: throw new CliError("CLI_EVAL_FAILED", `${failures} eval(s) failed.`, { L116: failed: failures,
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bin.jsView on unpkg · L114
bin/lesto.mjsView file
27jsx: { runtime: "automatic", importSource: "react" }, L28: }).import(entry);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/lesto.mjsView on unpkg · L27

Findings

3 Medium5 Low
MediumDynamic Requirebin/lesto.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/bin.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings