registry  /  @moda-ai/cli  /  1.12.2

@moda-ai/cli@1.12.2

CLI for Moda - AI agent analytics and observability

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The main unresolved risk is guarded, user-invoked first-party agent extension setup during `moda init`; it installs Moda-owned skills/rules for supported coding agents. No install-time mutation, stealth persistence, foreign control-surface hijack, or concrete exfiltration chain was found.

Static reason
No blocking static signals were detected.
Trigger
User runs `moda init` and approves/defaults agent skill setup or optional SDK integration.
Impact
Agent config/project files may receive Moda instructions; CLI sends authenticated requests to Moda services for analytics, auth, sync, telemetry, and update checks.
Mechanism
first-party agent skill/rule materialization and Moda API/telemetry calls
Rationale
Static inspection shows package-aligned CLI behavior with no npm lifecycle execution or unconsented install-time control-surface mutation. Because `moda init` can set up first-party agent skills and optionally run a coding agent in write mode, treat it as a warn-level agent extension lifecycle risk rather than malicious.
Evidence
package.jsondist/cli.jsdist/init/index.jsdist/init/rules.jsdist/init/sdk-integration.jsdist/api-client.jsdist/auth.jsdist/update-check.jsdist/telemetry.jsdist/workspace.jshooks/moda-snapshot.sh.claude/skills/moda-cli/SKILL.md.cursor/rules/moda-cli.mdc.moda/prompts.yml.moda/skills.yml~/.moda/config.json~/.moda/update-check.json
Network endpoints4
moda.devmoda-ingest.modas.workers.devregistry.npmjs.org/@moda-ai/cli/latestlocalhost:8432

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/init/index.js runs installRules during user-invoked `moda init` for detected coding agents.
  • dist/init/rules.js writes first-party moda-cli skill to `.claude/skills/moda-cli/SKILL.md` or `.cursor/rules/moda-cli.mdc` after confirmation/yes mode.
  • dist/init/sdk-integration.js can run a detected coding-agent CLI in write mode only when optional SDK integration is approved.
  • dist/workspace.js contains hook installers for Claude/Codex/Cursor configs, but dist/cli.js comments out workspace/hooks command registration in this build.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • dist/cli.js only runs main when executed directly, not on import.
  • Network calls are aligned to Moda APIs, ingest endpoints, browser auth, telemetry, and npm update check.
  • hooks/moda-snapshot.sh only invokes `moda workspace snapshot` when installed and run by agent hooks; hook command is disabled in CLI registry.
  • No evidence of credential harvesting beyond user Moda API/auth tokens used for Moda requests and local config.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 41 file(s), 713 KB of source, external domains: docs.moda.dev, json-schema.org, moda-ingest.modas.workers.dev, moda.dev, registry.npmjs.org, staging.moda.dev

Source & flagged code

1 flagged · loading source
hooks/moda-snapshot.shView file
path = hooks/moda-snapshot.sh kind = build_helper sizeBytes = 1497 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/moda-snapshot.shView on unpkg

Findings

5 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperhooks/moda-snapshot.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings