registry  /  @pimmesz/afterburner  /  2.10.0

@pimmesz/afterburner@2.10.0

Convert idle AI-subscription quota (Claude or Codex) into shippable engineering work: budget-aware trigger, bounded task selection, PR-only output.

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a CLI automation tool with powerful user-invoked operations, but no install-time execution or hidden exfiltration was identified.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs afterburner CLI subcommands such as run-once, schedule install, statusline install, auth, skill install, notify, or update.
Impact
Can modify configured repos, create local scheduler/statusline files, store a Claude OAuth token, notify ntfy topics, or update the global package when explicitly invoked/configured.
Mechanism
User-invoked AI-agent and scheduler automation
Rationale
Static source inspection shows a powerful but transparent CLI for AI-driven PR automation; the suspicious primitives are user-invoked and aligned with the documented package purpose. No lifecycle hook, hidden import-time execution, credential harvesting/exfiltration, destructive persistence, or reviewer/prompt manipulation was found.
Evidence
package.jsondist/cli/index.jsdist/chunk-MYXWLJW7.jsdist/core/index.jsskill/SKILL.mdafterburner.config.example.ts.env.exampleREADME.md~/.afterburner~/.claude/settings.json~/.claude/skills/afterburner/SKILL.md~/.zshrc~/.bashrc~/Library/LaunchAgents/io.afterburner.run-once.plist~/.config/systemd/user/afterburner.service~/.config/systemd/user/afterburner.timer
Network endpoints3
registry.npmjs.orgntfy.shgithub.com/pimmesz/afterburner

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli/index.js has user-invoked commands that spawn tools such as claude, codex, git, gh, brew, launchctl, and package-manager update commands.
  • dist/cli/index.js can write scheduler entries, Claude statusLine settings, shell rc prompt blocks, OAuth token files, and bundled Claude skill files when corresponding subcommands/prompts are used.
  • dist/chunk-MYXWLJW7.js runs live AI agents against configured repos and can push/merge PRs when explicitly configured.
Evidence against
  • package.json has no install/postinstall/preinstall lifecycle hooks; executable surface is bin-only.
  • Default config/backend is dry-run, with live Codex and auto-merge requiring explicit opt-ins.
  • Potentially dangerous behavior is documented and package-aligned: AI quota automation, scheduling, statusline, notifications, and self-update.
  • Untrusted task text is passed via stdin/env and verification commands use execFile/argv splitting rather than shell strings in reviewed paths.
  • Network use is aligned: npm update checks, ntfy notifications, GitHub/gh workflows, configured repo remotes.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 392 KB of source, external domains: crontab.guru, git-scm.com, github.com, nodejs.org, ntfy.sh, registry.npmjs.org, www.apple.com

Source & flagged code

6 flagged · loading source
dist/chunk-MYXWLJW7.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @pimmesz/afterburner@2.15.0 matchedIdentity = npm:QHBpbW1lc3ovYWZ0ZXJidXJuZXI:2.15.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/chunk-MYXWLJW7.jsView on unpkg
527// src/core/exec.ts L528: import { execFile } from "child_process"; L529: import { promisify } from "util";
High
Child Process

Package source references child process execution.

dist/chunk-MYXWLJW7.jsView on unpkg · L527
818return { L819: tool: "powershell-toast", L820: available: true,
High
Shell

Package source references shell execution.

dist/chunk-MYXWLJW7.jsView on unpkg · L818
255// never attached over it (see NtfyNotifier.publish). L256: server: z.url().default("https://ntfy.sh") L257: }).prefault({}) ... L431: function claudeConfigDir() { L432: return process.env.CLAUDE_CONFIG_DIR || join(homedir(), ".claude"); L433: } ... L527: // src/core/exec.ts L528: import { execFile } from "child_process"; L529: import { promisify } from "util"; ... L535: const networkBound = isNetwork ? { timeout: REMOTE_NET_TIMEOUT_MS, killSignal: "SIGKILL" } : {}; L536: const { stdout } = await execFileP("git", args, { L537: cwd,
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/chunk-MYXWLJW7.jsView on unpkg · L255
dist/cli/index.jsView file
2849if (platform === "win32") { L2850: return { name: "notify", ok: true, detail: "desktop banners via PowerShell toast" }; L2851: } ... L2859: function checkNtfy(config) { L2860: const hasToken = !!process.env.AFTERBURNER_NTFY_TOKEN; L2861: const server = config.notify.ntfy.server; L2862: if (hasToken && !server.startsWith("https://")) { L2863: return {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli/index.jsView on unpkg · L2849
2708const results = []; L2709: const version = spawnSync("claude", ["--version"], { encoding: "utf8" }); L2710: if (version.status !== 0) { ... L2714: detail: "claude-code engine selected but the `claude` CLI is not on PATH", L2715: fix: "Install Claude Code: `npm install -g @anthropic-ai/claude-code`, then run `claude /login`." L2716: });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/index.jsView on unpkg · L2708

Findings

1 Critical4 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/chunk-MYXWLJW7.js
HighChild Processdist/chunk-MYXWLJW7.js
HighShelldist/chunk-MYXWLJW7.js
HighSame File Env Network Executiondist/cli/index.js
HighRuntime Package Installdist/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/chunk-MYXWLJW7.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings