registry  /  @lousy-agents/cli  /  5.16.0

@lousy-agents/cli@5.16.0

CLI scaffolding tool that sets up projects with structure, instructions, and feedback loops for AI coding assistants

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a project scaffolding and AI-assistant setup CLI with user-invoked writes and aligned GitHub API usage.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs lousy-agents CLI subcommands such as init-hooks, copilot-setup, new, or init.
Impact
Project files may be created or updated by requested CLI commands; no install-time execution or unconsented persistence found.
Mechanism
explicit project scaffolding and hook/workflow configuration
Rationale
Static inspection found AI-agent hook mutation and GitHub token/network primitives, but they are exposed through documented, user-invoked CLI commands and bounded to project setup behavior. There is no lifecycle execution, credential harvesting, hidden payload, or unconsented agent control-surface mutation.
Evidence
package.jsonREADME.mddist/index.jsdist/913.js.claude/settings.json.github/workflows/copilot-setup-steps.yml.npmrc.github/agents/<name>.md.github/skills/<name>/SKILL.md.lousy-agents/lessons/<slug>.md
Network endpoints2
api.github.comuploads.github.com

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle scripts; bin points to dist/index.js only.
    • dist/index.js registers explicit CLI subcommands: init, lint, new, copilot-setup, context, init-hooks, capture, doctor.
    • init-hooks writes .claude/settings.json only when user invokes the command, adding hooks that run lousy-agents context/capture.
    • context/capture read Claude hook stdin and local .lousy-agents/lessons; they emit context/prompts, not shell commands or exfiltration.
    • GitHub API/gh token use is limited to user-invoked copilot-setup ruleset management and repository detection.
    • dist/913.js Unicode finding is JSON5/confbox dependency character tables, not hidden control-flow source.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetwork
    Supply chain
    HighEntropyStringsMinifiedObfuscatedUrlStrings
    Manifest
    WildcardDependency
    scanned 25 file(s), 618 KB of source, external domains: 127.0.0.1, api.github.com, bitbucket.com, bitbucket.org, caniuse.com, git.sr.ht, github.com, gitlab.com, raw.githubusercontent.com
    Oversized source lightweight scan
    dist/index.js2.08 MB file, sampled 256 KB
    FilesystemChildProcessEnvironmentVarsHighEntropyStringsUrlStringscaniuse.com

    Source & flagged code

    3 flagged · loading source
    dist/913.jsView file
    21contains invisible/control Unicode U+FEFF (zero width no-break space) `?(c++,l=0):e?l+=e.length:l++,e&&(s+=e.length),e}let S={default(){switch(v){case` `:case`\v`:case`\f`:case` `:case`\xA0`:case`<U+FEFF>`:case`
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    dist/913.jsView on unpkg · L21
    dist/index.jsView file
    path = dist/index.js kind = oversized_source_file sizeBytes = 2176711 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.

    dist/index.jsView on unpkg
    path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 2176711 magicHex = [redacted]
    Medium
    Oversized Cli Entrypoint

    Package contains an oversized executable-looking CLI entrypoint.

    dist/index.jsView on unpkg

    Findings

    1 Critical1 High5 Medium5 Low
    CriticalTrojan Source Unicodedist/913.js
    HighOversized Source Filedist/index.js
    MediumNetwork
    MediumEnvironment Vars
    MediumOversized Cli Entrypointdist/index.js
    MediumStructural Risk Force Deep Review
    MediumWildcard Dependency
    LowScripts Present
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings