registry  /  @pat-lewczuk/cezar  /  0.1.3

@pat-lewczuk/cezar@0.1.3

Local cockpit for running and tracking AI agent tasks in your repo. Uses your logged-in `claude` CLI and `gh` — zero config, zero database.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is an explicitly invoked local AI-task cockpit that can run installed agent CLIs and user-defined workflow checks.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the cezar CLI, starts a task, refreshes configured skills, or opens a draft PR through the local UI.
Impact
It can modify the chosen project through the selected AI agent or configured shell checks, which is the stated package function; no unconsented install-time action was found.
Mechanism
User-invoked local agent orchestration, git worktrees, and optional GitHub CLI operations.
Rationale
Static hints conflate intended user-invoked orchestration with malicious behavior. Source inspection found no lifecycle execution, token exfiltration, remote payload execution, or stealthy persistence.
Evidence
package.jsondist/index.jsdist/core/backend-detect.jsdist/core/claude-cli-runner.jsdist/core/codex-app-server-runner.jsdist/workflows/run.js.ai/cezar/~/.cache/cez/skills/

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has only prepublishOnly; no install-time lifecycle hook.
    • dist/core/backend-detect.js only probes existing CLIs; it does not install packages.
    • dist/core/backend-detect.js reads a GitHub token but no package code consumes or transmits it.
    • dist/index.js starts a local CLI/server only after explicit user invocation.
    • dist/workflows/run.js runs configured agent/check commands in user-selected workflows and worktrees.
    • No eval, dynamic module loading, credential exfiltration, or hidden persistence found in inspected source.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 28 file(s), 365 KB of source, external domains: 127.0.0.1, claude.com, github.com, opencode.ai

    Source & flagged code

    3 flagged · loading source
    dist/core/claude-cli-runner.jsView file
    1import { spawn as nodeSpawn } from 'node:child_process'; L2: import { fileURLToPath } from 'node:url';
    High
    Child Process

    Package source references child process execution.

    dist/core/claude-cli-runner.jsView on unpkg · L1
    dist/core/backend-detect.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @pat-lewczuk/cezar@0.1.2 matchedIdentity = npm:QHBhdC1sZXdjenVrL2NlemFy:0.1.2 similarity = 0.609 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/core/backend-detect.jsView on unpkg
    40available: false, L41: hint: 'install Claude Code (npm i -g @anthropic-ai/claude-code) and log in', L42: }; ... L47: try { L48: const { stdout } = await exec(bin, ['--version'], { timeout: 10_000 }); L49: return {
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/core/backend-detect.jsView on unpkg · L40

    Findings

    1 Critical3 High3 Medium5 Low
    CriticalPrevious Version Dangerous Deltadist/core/backend-detect.js
    HighChild Processdist/core/claude-cli-runner.js
    HighShell
    HighRuntime Package Installdist/core/backend-detect.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings