registry  /  @lousy-agents/cli  /  5.17.0

@lousy-agents/cli@5.17.0

CLI scaffolding tool that sets up projects with structure, instructions, and feedback loops for AI coding assistants

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an AI development scaffolding CLI that can modify project agent configuration only when a user runs its commands.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs lousy-agents CLI subcommands such as init, new, copilot-setup, init-hooks, context, capture, lint, or doctor.
Impact
Creates or updates project files for Copilot/Claude workflows and optional GitHub rulesets; no install-time or covert behavior confirmed.
Mechanism
user-invoked project scaffolding and configuration
Rationale
Static source inspection shows a legitimate, user-invoked scaffolding and AI-agent configuration CLI with no lifecycle execution or covert exfiltration. Risky primitives are aligned with documented commands and guarded by prompts/path checks where relevant.
Evidence
package.jsondist/index.jsdist/913.jsapi/copilot-with-fastify/.vscode/mcp.jsoncli/copilot-with-citty/.vscode/mcp.jsonui/copilot-with-react/.vscode/mcp.json.claude/settings.json.github/copilot-instructions.md.github/instructions/*.md.github/workflows/copilot-setup-steps.yml.github/workflows/assign-copilot.yml.vscode/mcp.json.npmrc
Network endpoints2
api.github.comgithub.com

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • CLI can write AI-agent control files on explicit commands: .claude/settings.json hooks, .github/copilot-instructions.md, .vscode/mcp.json.
  • copilot-setup can use GH_TOKEN/GITHUB_TOKEN or gh auth token to call GitHub ruleset APIs after user prompt.
  • copilot-setup may add script-shell=agent-shell to .npmrc only after confirmation.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts; bin points to dist/index.js only.
  • dist/index.js writes occur from explicit CLI commands such as init, new, copilot-setup, and init-hooks, not import/install time.
  • Claude hook writes are package-aligned context/capture commands, scoped to .claude/settings.json, with symlink and safe path checks.
  • Network use is Octokit/GitHub ruleset management and documented scaffold URLs, not arbitrary exfiltration endpoints.
  • dist/913.js Unicode hint did not reveal bidi/invisible controls in direct scan; matches appear from bundled emoji/Unicode regex data.
  • No source evidence of credential harvesting, destructive behavior, persistence outside configured project files, or hidden payload loading.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
WildcardDependency
scanned 25 file(s), 618 KB of source, external domains: 127.0.0.1, api.github.com, bitbucket.com, bitbucket.org, caniuse.com, git.sr.ht, github.com, gitlab.com, raw.githubusercontent.com
Oversized source lightweight scan
dist/index.js2.08 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsUrlStringscaniuse.com

Source & flagged code

3 flagged · loading source
dist/913.jsView file
21contains invisible/control Unicode U+FEFF (zero width no-break space) `?(c++,l=0):e?l+=e.length:l++,e&&(s+=e.length),e}let S={default(){switch(v){case` `:case`\v`:case`\f`:case` `:case`\xA0`:case`<U+FEFF>`:case`
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/913.jsView on unpkg · L21
dist/index.jsView file
path = dist/index.js kind = oversized_source_file sizeBytes = 2183827 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.jsView on unpkg
path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 2183827 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.jsView on unpkg

Findings

1 Critical1 High5 Medium5 Low
CriticalTrojan Source Unicodedist/913.js
HighOversized Source Filedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings