registry  /  @platfory/cli  /  0.1.2

@platfory/cli@0.1.2

Earn from your AI coding tool's wait-state, from any editor or terminal. Install, sign in, and manage Platfory entirely from the shell.

AI Security Review

scanned 15h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs platfory login or platfory enable; helpers later run from Claude Code statusLine or Codex shell wrapper.
Impact
Warn-level AI agent control-surface mutation; no confirmed malicious install-time or import-time behavior.
Mechanism
consented AI-agent surface configuration plus ad/impression network calls
Rationale
Static inspection does not support a malicious verdict because there is no install-time mutation, stealth persistence, prompt/code harvesting, or remote code execution. The AI-agent configuration writes are real but consent-gated and aligned with the advertised product, so this should be warned rather than blocked.
Evidence
package.jsonREADME.mddist/index.jsdist/adapters/codex/codex-banner.mjsdist/adapters/claude-code/statusline.mjsdist/adapters/claude-code/refresh.mjsdist/adapters/copilot/copilot-hook.mjs~/.platfory/auth.json~/.platfory/current-line.txt~/.platfory/current-line.json~/.platfory/codex-line.json~/.platfory/copilot-line.json~/.claude/settings.json~/.claude/settings.json.platfory-bak~/.zshrc~/.bashrc~/.bash_profile~/.config/fish/config.fish~/Documents/PowerShell/Microsoft.PowerShell_profile.ps1~/Documents/WindowsPowerShell/Microsoft.PowerShell_profile.ps1
Network endpoints8
www.platfory.aiwww.platfory.ai/apiwww.platfory.ai/api/auth/extension/startwww.platfory.ai/api/auth/extension/exchangewww.platfory.ai/api/me/sessionwww.platfory.ai/api/me/metricswww.platfory.ai/api/ad/servewww.platfory.ai/api/event/impression

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js has explicit enable/login commands that write Claude Code settings and Codex shell profile wrappers.
  • dist/index.js writes ~/.claude/settings.json statusLine/spinnerTipsOverride and backups under ~/.claude.
  • dist/index.js writes marked codex() shell functions into ~/.zshrc, ~/.bashrc, fish, or PowerShell profiles.
  • dist/adapters/* read ~/.platfory/auth.json and send Bearer-authenticated ad/impression requests.
  • dist/index.js update command runs npm install -g @platfory/cli@latest when user invokes platfory update.
Evidence against
  • package.json defines only a bin entry and no preinstall/install/postinstall lifecycle hooks.
  • AI tool config mutation is reached via user-invoked login/enable with confirmation unless --yes is provided.
  • README.md describes the sponsored AI-tool integrations and says changes are consent-gated and reversible.
  • Restore/disable paths remove the marked Codex block and restore or clean Claude settings.
  • Source sanitizes ad text/control bytes and validates https click URLs in reviewed paths.
  • No code/prompt file harvesting, broad filesystem collection, remote payload execution, or credential exfiltration found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 5 file(s), 49.3 KB of source, external domains: 127.0.0.1, www.platfory.ai

Source & flagged code

5 flagged · loading source
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @platfory/cli@0.1.1 matchedIdentity = npm:QHBsYXRmb3J5L2NsaQ:0.1.1 similarity = 0.600 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
3// src/index.ts L4: import { spawnSync } from "node:child_process"; L5:
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L3
335for (const base of docBases) { L336: rcs.push({ path: path3.join(base, "PowerShell", "Microsoft.PowerShell_profile.ps1"), fn: PS_FN }); L337: rcs.push({ path: path3.join(base, "WindowsPowerShell", "Microsoft.PowerShell_profile.ps1"), fn: PS_FN });
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L335
868line(" Updating platfory via npm..."); L869: const r = spawnSync("npm", ["install", "-g", "@platfory/cli@latest"], { stdio: "inherit" }); L870: if (r.status !== 0) { L871: err(` ${cross} Update failed. Try manually: npm install -g @platfory/cli@latest`); L872: return 1;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L868
3// src/index.ts L4: import { spawnSync } from "node:child_process"; L5: ... L41: import * as fs from "node:fs/promises"; L42: var PLATFORY_DIR = path.join(os.homedir(), ".platfory"); L43: var LINE_FILE = path.join(PLATFORY_DIR, "current-line.txt"); ... L80: const raw = await fs.readFile(AUTH_FILE, "utf8"); L81: const parsed = JSON.parse(raw); L82: if (typeof parsed.token === "string" && typeof parsed.apiBaseUrl === "string") { ... L320: const rcs = [ L321: { path: path3.join(home, ".zshrc"), fn: POSIX_FN }, L322: { path: path3.join(home, ".bashrc"), fn: POSIX_FN }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.jsView on unpkg · L3

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighChild Processdist/index.js
HighShelldist/index.js
HighRuntime Package Installdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License