AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an SDLC onboarding/evidence CLI with user-invoked project file writes, GitHub configuration, uploads, and plugin management.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs devaudit CLI commands such as install, push, auth login, doctor, or plugin install/update.
Impact
Can modify consumer project SDLC files and run npm/git/gh commands when explicitly invoked; no install-time or hidden execution found.
Mechanism
User-directed SDLC scaffolding, evidence upload, GitHub automation, and local plugin management
Rationale
Static inspection confirms the scanner signals are real but package-aligned and activated by explicit CLI commands, not by install/import-time execution. The AI-agent rule-file writes are part of the documented SDLC sync/install workflow and do not establish unconsented lifecycle control-surface mutation.
Evidence
package.jsonbin/devaudit.jsdist/index.jsscripts/upload-evidence.sh~/.config/devaudit/auth.json~/.config/devaudit/pluginssdlc-config.jsonSDLC/.github/ISSUE_TEMPLATE/AGENTS.mdCLAUDE.mdGEMINI.mdINSTRUCTIONS.md.cursorrules.windsurfrules.husky/
Network endpoints4
devaudit.metasession.coapi.github.comuser-configured DEVAUDIT_BASE_URLpresigned uploadUrl returned by DevAudit API
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/index.js has user-invoked plugin install/update commands that run git clone/pull and npm install.
- dist/index.js syncAiRules writes AGENTS.md, CLAUDE.md, GEMINI.md, .cursorrules, .windsurfrules, and INSTRUCTIONS.md into target projects.
- dist/index.js uploads user-selected evidence files with bearer auth to configured DevAudit endpoints.
Evidence against
- package.json has no install/postinstall/preinstall lifecycle hooks.
- bin/devaudit.js only imports dist/index.js; behavior is CLI-triggered, not install-time.
- Network endpoints are package-aligned: https://devaudit.metasession.co and https://api.github.com plus user-configured base URLs.
- Auth storage is explicit login flow to ~/.config/devaudit/auth.json; env vars are named DEVAUDIT/GitHub tokens.
- Shell/package-manager use is tied to doctor, install/bootstrap, GitHub, and plugin management commands.
- No obfuscated payloads, credential harvesting beyond documented tokens, persistence, or destructive behavior found.
Behavioral surface
DynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
3import { createConsola } from 'consola';
L4: import { execa } from 'execa';
L5: import { join, resolve, basename, dirname, relative } from 'path';
High
1731}
L1732: await execa("npx", ["husky", "init"], { cwd: ctx.projectPath, stdio: "inherit" });
L1733: return { step: "8/11 Bootstrap hook framework", status: "ok", message: ".husky/ bootstrapped" };
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L173179const mainPath = resolve(dir, result.main);
L80: const mod = await import(toFileUrl(mainPath));
L81: if (!mod.default || typeof mod.default !== "object") {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L79scripts/upload-evidence.shView file
•path = scripts/upload-evidence.sh
kind = build_helper
sizeBytes = 23340
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/upload-evidence.shView on unpkgFindings
2 High5 Medium4 Low
HighShelldist/index.js
HighRuntime Package Installdist/index.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/upload-evidence.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings