registry  /  @metasession.co/devaudit-cli  /  0.3.11

@metasession.co/devaudit-cli@0.3.11

DevAudit CLI — installs, syncs, and operates the Metasession SDLC across consumer projects.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `devaudit install`, `devaudit update`, `devaudit push`, or plugin commands.
Impact
Can alter a consumer project's AI-agent guidance and execute code from a user-selected plugin source; no unconsented lifecycle trigger was found.
Mechanism
Explicit project template/AI-rule synchronization, credentialed evidence upload, and optional plugin execution.
Rationale
No concrete malicious or unconsented install-time chain is present, but explicit broad AI-agent control-surface mutation and plugin execution warrant a warning under the stated policy.
Evidence
package.jsonbin/devaudit.jsdist/index.jssdlc/src/bin/devaudit-sdlc.jssdlc/files/_common/scripts/upload-evidence.shAGENTS.mdCLAUDE.md.cursorrules.windsurfrulesGEMINI.md.claude/skillsINSTRUCTIONS.md~/.config/devaudit/auth.json~/.config/devaudit/plugins
Network endpoints2
devaudit.metasession.coapi.github.com

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` explicit `install`/`update` commands overwrite project AI control files.
  • `dist/index.js` writes `AGENTS.md`, `CLAUDE.md`, `.cursorrules`, `.windsurfrules`, `GEMINI.md`, and `.claude/skills`.
  • `dist/index.js` supports user-selected plugin cloning, `npm install`, and dynamic plugin import.
  • `dist/index.js` uploads user-selected evidence files with `DEVAUDIT_API_KEY` authorization.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • `bin/devaudit.js` only imports the CLI; mutations require registered CLI actions.
  • AI-rule mutation is attached to explicit `install`/`update` workflows, not package installation.
  • Network calls target declared DevAudit/GitHub service endpoints and use supplied credentials.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 165 KB of source, external domains: api.github.com, devaudit.metasession.co, github.com, www.conventionalcommits.org

Source & flagged code

6 flagged · loading source
sdlc/src/bin/devaudit-sdlc.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @metasession.co/devaudit-cli@0.3.9 matchedIdentity = npm:[redacted]:0.3.9 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

sdlc/src/bin/devaudit-sdlc.jsView on unpkg
3const path = require('path'); L4: const { spawnSync } = require('child_process'); L5:
High
Child Process

Package source references child process execution.

sdlc/src/bin/devaudit-sdlc.jsView on unpkg · L3
dist/index.jsView file
3import { createConsola } from 'consola'; L4: import { execa } from 'execa'; L5: import { join, resolve, basename, dirname, relative } from 'path';
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L3
1782} L1783: await execa("npx", ["husky", "init"], { cwd: ctx.projectPath, stdio: "inherit" }); L1784: return { step: "8/11 Bootstrap hook framework", status: "ok", message: ".husky/ bootstrapped" };
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L1782
79const mainPath = resolve(dir, result.main); L80: const mod = await import(toFileUrl(mainPath)); L81: if (!mod.default || typeof mod.default !== "object") {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L79
scripts/upload-evidence.shView file
path = scripts/upload-evidence.sh kind = build_helper sizeBytes = 24845 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/upload-evidence.shView on unpkg

Findings

1 Critical3 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltasdlc/src/bin/devaudit-sdlc.js
HighChild Processsdlc/src/bin/devaudit-sdlc.js
HighShelldist/index.js
HighRuntime Package Installdist/index.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/upload-evidence.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings