registry  /  @moda-ai/cli  /  1.10.0

@moda-ai/cli@1.10.0

CLI for Moda - AI agent analytics and observability

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is a Moda observability CLI with user-invoked commands that can write first-party agent skills/rules and local Moda artifacts. No install-time or import-time compromise path was found.

Static reason
No blocking static signals were detected.
Trigger
User runs commands such as moda init, moda skills pull, moda skills sync, or sdk integration prompts.
Impact
Potentially changes local agent instructions or runs a local coding-agent integration task only after user command/approval; no confirmed malicious behavior.
Mechanism
Authenticated CLI network calls and explicit local agent-extension/artifact writes
Rationale
Source inspection shows no unconsented npm lifecycle mutation, exfiltration, stealth persistence, destructive behavior, or remote code execution. Because the package includes first-party agent extension setup and generated skill pull into agent directories, warn rather than mark fully clean.
Evidence
package.jsondist/cli.jsdist/init/index.jsdist/init/rules.jsdist/skills.jsdist/init/sdk-integration.jsdist/workspace.jsdist/api-client.jsdist/update-check.jshooks/moda-snapshot.sh~/.moda/config.json~/.moda/auth.json~/.moda/profiles.json~/.moda/secrets/**.moda/prompts.yml.moda/skills.yml.moda/harness.json.claude/skills/<id>/SKILL.md.cursor/rules/<id>.mdc
Network endpoints6
moda.devstaging.moda.devmoda-ingest.modas.workers.devregistry.npmjs.org/@moda-ai/cli/latestlocalhost:3000localhost:8787

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/init/rules.js can install bundled moda-cli skill into .claude/skills and .cursor/rules during user-run init.
  • dist/skills.js pulls authenticated server-generated skills and writes/prunes managed .claude/.cursor agent files plus .moda/skills.yml.
  • dist/init/sdk-integration.js can spawn claude/codex/cursor in write mode, gated by init setup approval.
  • dist/workspace.js contains hook installers for Claude/Codex/Cursor configs, though not registered in dist/cli.js.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • dist/cli.js comments out workspace/hooks command registrations and init sets installHooks false.
  • Network use is package-aligned: moda.dev, moda-ingest.modas.workers.dev, staging/local profile URLs, npm registry update check.
  • Secrets are read from MODA_* env or ~/.moda config for authenticated user commands, with no broad credential harvesting seen.
  • No eval/vm/Function/native binary loading or remote payload execution found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 35 file(s), 654 KB of source, external domains: json-schema.org, moda-ingest.modas.workers.dev, moda.dev, registry.npmjs.org, staging.moda.dev

Source & flagged code

1 flagged · loading source
hooks/moda-snapshot.shView file
path = hooks/moda-snapshot.sh kind = build_helper sizeBytes = 1497 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/moda-snapshot.shView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperhooks/moda-snapshot.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings