registry  /  @monkeyray/contextweaver  /  1.3.7

@monkeyray/contextweaver@1.3.7

Context engine for AI coding agents with CLI retrieval, prompt-context preparation, and bundled Skills

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `contextweaver install-skills --dir <target>` and an agent later follows the installed Skill.
Impact
Can alter a selected agent Skill directory and cause later agent-driven indexing or code transmission to configured providers.
Mechanism
Explicit agent-Skill installation plus repository indexing and configured embedding/rerank requests.
Rationale
No concrete malicious or unconsented install-time behavior was found. Flag as warn because explicit installation of agent-executed Skills can influence subsequent agent actions and repository data flow.
Evidence
package.jsondist/index.jsdist/chunk-MRAB3EEO.jsdist/chunk-KCIJXGQ2.jsdist/chunk-6EEGV563.jsskills/using-contextweaver/SKILL.md~/.contextweaver/.env~/.contextweaver/indexes.jsoncwconfig.json<explicit --dir>/<bundled-skill>
Network endpoints2
api.siliconflow.cn/v1/embeddingsapi.siliconflow.cn/v1/rerank

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` exposes `install-skills`, which copies bundled agent Skill directories to an explicitly supplied target.
  • With `--force`, `dist/chunk-MRAB3EEO.js` recursively removes same-named target Skill directories before copying.
  • `skills/using-contextweaver/SKILL.md` instructs agents to proactively initialize/index repositories and use configured remote embedding/rerank APIs.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • CLI mutations occur only under explicit commands such as `init`, `index`, `init-project`, or `install-skills`.
  • Network calls in `dist/chunk-6EEGV563.js` and `dist/SearchService-X3QLUJNE.js` use user-supplied API configuration for stated embedding/reranking.
  • No shell payload execution, credential harvesting beyond configured API keys, or hidden exfiltration was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 260 KB of source, external domains: api.siliconflow.cn

Source & flagged code

2 flagged · loading source
dist/chunk-4D5C37FX.jsView file
307async function addFileHash(label, filePath, hashes) { L308: const crypto2 = await import("crypto"); L309: try {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-4D5C37FX.jsView on unpkg · L307
dist/chunk-BJVI5XLJ.jsView file
4import { L5: ensurePrivateDirSync, L6: hardenPrivatePathSync ... L348: import Database from "better-sqlite3"; L349: var BASE_DIR = path.join(os.homedir(), ".contextweaver"); L350: function getDirectoryBirthtime(projectPath) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-BJVI5XLJ.jsView on unpkg · L4

Findings

3 Medium5 Low
MediumDynamic Requiredist/chunk-4D5C37FX.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptodist/chunk-BJVI5XLJ.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings