registry  /  @lousy-agents/cli  /  5.17.1

@lousy-agents/cli@5.17.1

CLI scaffolding tool that sets up projects with structure, instructions, and feedback loops for AI coding assistants

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The risky primitives are package-aligned scaffolding, optional GitHub ruleset management, and explicit AI-assistant hook setup.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs commands such as lousy-agents init, new, copilot-setup, or init-hooks.
Impact
Creates or updates project templates, Copilot workflow/ruleset configuration, optional .npmrc script-shell entry, or Claude hook settings when requested.
Mechanism
user-invoked project scaffolding and assistant configuration
Rationale
Static inspection shows a legitimate scaffolding CLI with user-invoked writes and optional GitHub API use, not install-time execution, credential harvesting, exfiltration, persistence, or hidden AI-agent control mutation. Scanner hits are explained by bundled dependencies, templates/tests, repository URLs, and package-aligned assistant setup features.
Evidence
package.jsonREADME.mddist/index.jsdist/913.jsapi/copilot-with-fastify/src/app.integration.ts.github/copilot-instructions.md.github/workflows/copilot-setup-steps.yml.github/skills/*/SKILL.md.claude/settings.json.npmrc
Network endpoints3
api.github.comuploads.github.comgithub.com/${action}/releases/latest

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • User-invoked commands can write AI assistant configuration files such as .github/copilot-instructions.md, .github/skills/*/SKILL.md, and .claude/settings.json.
  • copilot-setup can read GH_TOKEN/GITHUB_TOKEN or gh auth token and call GitHub APIs after user interaction.
Evidence against
  • package.json defines no install/preinstall/postinstall lifecycle hooks; bin is dist/index.js only.
  • README describes the package as scaffolding for init, new, lint, and copilot-setup commands.
  • dist/index.js writes scaffold files only from explicit CLI commands and preserves existing files in createFilesystemStructure.
  • init-hooks is an explicit subcommand; hook entries run lousy-agents context/capture, not hidden arbitrary payloads.
  • Path handling uses resolveSafePath/readFileNoFollow/symlink checks for project file reads and writes.
  • Direct Trojan-source check of dist/913.js/dist/*.js found no bidi or invisible control matches.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
WildcardDependency
scanned 25 file(s), 618 KB of source, external domains: 127.0.0.1, api.github.com, bitbucket.com, bitbucket.org, caniuse.com, git.sr.ht, github.com, gitlab.com, raw.githubusercontent.com
Oversized source lightweight scan
dist/index.js2.08 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsUrlStringscaniuse.com

Source & flagged code

3 flagged · loading source
dist/913.jsView file
21contains invisible/control Unicode U+FEFF (zero width no-break space) `?(c++,l=0):e?l+=e.length:l++,e&&(s+=e.length),e}let S={default(){switch(v){case` `:case`\v`:case`\f`:case` `:case`\xA0`:case`<U+FEFF>`:case`
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/913.jsView on unpkg · L21
dist/index.jsView file
path = dist/index.js kind = oversized_source_file sizeBytes = 2184721 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.jsView on unpkg
path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 2184721 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.jsView on unpkg

Findings

1 Critical1 High5 Medium5 Low
CriticalTrojan Source Unicodedist/913.js
HighOversized Source Filedist/index.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings