registry  /  @powerkraut/devkit  /  0.32.1

@powerkraut/devkit@0.32.1

Claude Code devkit plugin — agents, skills en guidelines voor AI-assisted development

AI Security Review

scanned 5h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `devkit setup`, `devkit setup patch-permissions`, or `devkit setup patch-hooks`.
Impact
Can broaden Claude Code capabilities and run devkit cache hook scripts during future Claude sessions.
Mechanism
Explicit Claude settings permission and hook mutation.
Rationale
Source supports a warning for explicit AI-agent configuration mutation. It does not support a malicious block verdict because no unconsented install-time execution or concrete harmful chain was found.
Evidence
package.jsondist/cli.jsdist/setup/setup.jsdist/setup/claude-settings.jsdist/setup/patch-permissions.jsdist/setup/patch-hooks.jsdist/credentials/store.js~/.claude/settings.json~/.claude/devkit-settings.json~/.claude/devkit-credentials.json~/.claude/plugins/cache/PowerKraut/devkit/<version>/hooks/check-update.sh~/.claude/plugins/cache/PowerKraut/devkit/<version>/hooks/check-update-cached.sh
Network endpoints2
api.bitbucket.org/2.0registry.npmjs.org/%40powerkraut%2fdevkit/latest

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/setup/setup.js` invokes Claude settings patching during explicit `devkit setup`.
  • `dist/setup/claude-settings.js` adds `Bash(*)`, agent/skill tools, home reads, and project writes to `~/.claude/settings.json`.
  • `dist/setup/patch-permissions.js` merges a template with `WebFetch(*)` and broad filesystem permissions.
  • `dist/setup/patch-hooks.js` writes SessionStart and PreToolUse shell-hook commands into `~/.claude/settings.json`.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle script.
  • The CLI exposes setup mutation through named user commands, not import-time execution.
  • Credential use is limited to package-aligned Bitbucket, Jira, GitLab, and npm update operations.
  • No `eval`, VM execution, hidden binary loading, credential exfiltration endpoint, or destructive file deletion was found.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 40 file(s), 221 KB of source, external domains: api.bitbucket.org, bitbucket.org, gitlab.com, id.atlassian.com, registry.npmjs.org

Source & flagged code

5 flagged · loading source
dist/clients/gitlab/mr.jsView file
1import { execSync } from 'node:child_process'; L2: import { die, gitUserName } from '../bitbucket/utils.js';
High
Child Process

Package source references child process execution.

dist/clients/gitlab/mr.jsView on unpkg · L1
dist/build/runner.jsView file
22process.stdout.write(` $ ${cmd}\n`); L23: const result = spawnSync(cmd, { shell: true, stdio: 'inherit' }); L24: if (result.status !== 0) {
High
Shell

Package source references shell execution.

dist/build/runner.jsView on unpkg · L22
dist/setup/validate.jsView file
149{ L150: const { existsSync, readFileSync } = await import('node:fs'); L151: const { join } = await import('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/setup/validate.jsView on unpkg · L149
dist/setup/setup.jsView file
51process.stdout.write(' npm install -g @powerkraut/devkit ...\n'); L52: execSync('npm install -g @powerkraut/devkit', { stdio: 'inherit' }); L53: process.stdout.write('✅ Plugin geïnstalleerd\n');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/setup/setup.jsView on unpkg · L51
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @powerkraut/devkit@0.31.1 matchedIdentity = npm:QHBvd2Vya3JhdXQvZGV2a2l0:0.31.1 similarity = 0.944 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.jsView on unpkg

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/clients/gitlab/mr.js
HighShelldist/build/runner.js
HighRuntime Package Installdist/setup/setup.js
MediumDynamic Requiredist/setup/validate.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License