registry  /  @mushi-mushi/cli  /  0.23.0

@mushi-mushi/cli@0.23.0

CLI for Mushi Mushi — `mushi init` wizard installs the right SDK for your framework, plus report triage and pipeline health commands

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Risky primitives are package-aligned CLI setup behavior activated by explicit commands.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs mushi init, login, connect, setup, doctor, or other CLI subcommands.
Impact
Stores Mushi credentials locally and may write project env/MCP config as documented; no evidence of hidden exfiltration, persistence, or destructive behavior.
Mechanism
User-authorized SDK setup, credential storage, API calls, and IDE MCP wiring.
Rationale
Static inspection shows a feature-rich CLI that performs user-invoked Mushi SDK setup, auth, reporting, diagnostics, and MCP configuration. Scanner exfiltration hints map to documented API-key headers and local config/env writes, with no install-time execution or hidden credential harvesting found.
Evidence
package.jsondist/index.jsdist/chunk-GSQO35YD.jsdist/chunk-LDPFTQLE.jsdist/connect-XFVSH4JZ.jsREADME.md.env.local.env.cursor/mcp.json.claude/mcp.json.continue/mcp.json.cursorrules.claude/rules/mushi.md
Network endpoints4
dxptnwrhwsqckaftyymj.supabase.co/functions/v1/apiregistry.npmjs.orgkensaur.us/mushi-mushi/adminlocalhost:6464

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no lifecycle scripts; bin is user-invoked ./dist/index.js.
    • dist/index.js network calls are CLI auth/project/report/admin operations against configured Mushi endpoints.
    • dist/index.js credential reads are limited to MUSHI_* config/env values and user prompts, then saved for CLI use.
    • dist/index.js writes .env.local and .cursor/.claude/IDE MCP config only from explicit init/connect/setup commands.
    • dist/chunk-GSQO35YD.js validates API keys, project IDs, and HTTPS endpoints before API/MCP use.
    • MCP/rules writes are disclosed command behavior, not install-time or import-time mutation.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 12 file(s), 303 KB of source, external domains: dxptnwrhwsqckaftyymj.supabase.co, github.com, kensaur.us, registry.npmjs.org, xyz.supabase.co, your-app.vercel.app

    Source & flagged code

    2 flagged · loading source
    dist/index.jsView file
    51import * as p from "@clack/prompts"; L52: import { spawn } from "child_process"; L53: import { randomUUID } from "crypto"; ... L60: let end = endpoint.length; L61: while (end > 0 && endpoint.charCodeAt(end - 1) === 47) end--; L62: return endpoint.slice(0, end); L63: } L64: async function deviceFetch(url, init = {}) { L65: const controller = new AbortController(); ... L90: headers: { "Content-Type": "application/json" }, L91: body: JSON.stringify({ device_code: deviceCode }) L92: });
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    dist/index.jsView on unpkg · L51
    51Trigger-reachable chain: manifest.exports -> dist/index.js L51: import * as p from "@clack/prompts"; L52: import { spawn } from "child_process"; L53: import { randomUUID } from "crypto"; ... L60: let end = endpoint.length; L61: while (end > 0 && endpoint.charCodeAt(end - 1) === 47) end--; L62: return endpoint.slice(0, end); L63: } L64: async function deviceFetch(url, init = {}) { L65: const controller = new AbortController(); ... L90: headers: { "Content-Type": "application/json" }, L91: body: JSON.stringify({ device_code: deviceCode }) L92: });
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/index.jsView on unpkg · L51

    Findings

    2 Critical3 Medium4 Low
    CriticalCredential Exfiltrationdist/index.js
    CriticalTrigger Reachable Dangerous Capabilitydist/index.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings