registry  /  @powerkraut/devkit  /  0.8.0

@powerkraut/devkit@0.8.0

Claude Code devkit plugin — agents, skills en guidelines voor AI-assisted development

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a developer CLI/plugin that can mutate Claude settings, store tokens, run git/glab/npm commands, and call SCM APIs, but these behaviors are tied to explicit devkit commands and setup/validation workflows.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs devkit setup, devkit setup patch-permissions, devkit setup validate, devkit bb validate, devkit gl mr comment, or devkit run build.
Impact
Potentially high if a user grants broad Claude permissions or runs configured build commands, but no hidden install-time/import-time execution, harvesting, persistence, or exfiltration was found.
Mechanism
User-invoked developer automation with broad local permissions and SCM API calls.
Rationale
Static inspection found powerful developer-tool capabilities, including Claude permission changes and SCM API actions, but they are exposed through explicit CLI setup/validation/build commands with no lifecycle hook, import-time execution, secret exfiltration, or hidden payload. Scanner findings map to package-aligned functionality rather than concrete malicious behavior.
Evidence
package.jsondist/cli.jsdist/setup/setup.jsdist/setup/claude-settings.jsdist/templates/user-permissions.jsondist/setup/validate.jsdist/credentials/store.jsdist/setup/init.jsdist/build/runner.jsdist/clients/gitlab/mr.jsdist/tasks/story-lookup.js~/.claude/settings.json~/.claude/devkit-settings.json~/.claude/devkit-credentials.json.claude/devkit-plugin.json.claude/keys/<name>.token.gitignoreCLAUDE.md
Network endpoints5
api.bitbucket.org/2.0registry.npmjs.org/%40powerkraut%2fdevkit/latestbitbucket.orgid.atlassian.comgitlab.com

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/setup/claude-settings.js and dist/templates/user-permissions.json can add broad Claude permissions such as Bash(*) and WebFetch(*).
  • dist/setup/setup.js can run npm install -g @powerkraut/devkit and sudo fallback, but only after interactive confirmation.
  • dist/setup/validate.js performs Bitbucket/Jira/GitLab validation actions including temporary PR/comment creation when user runs validate commands.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks; execution is via devkit bin commands.
  • dist/cli.js exposes setup/init/validate/build commands; risky actions are user-invoked, not import-time or install-time.
  • Credential writes in dist/credentials/store.js and dist/setup/init.js store user-entered tokens locally under ~/.claude or project .claude/keys, with no credential exfiltration path found.
  • Network use is aligned with documented developer workflow: Bitbucket, Jira/Atlassian, GitLab, and npm registry validation/update checks.
  • Shell execution is limited to user-requested tooling, git/glab/npm validation, configured build commands, or interactive setup.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 29 file(s), 112 KB of source, external domains: api.bitbucket.org, bitbucket.org, gitlab.com, id.atlassian.com, registry.npmjs.org

Source & flagged code

5 flagged · loading source
dist/clients/gitlab/mr.jsView file
1import { execSync } from 'node:child_process'; L2: import { die, gitUserName } from '../bitbucket/utils.js';
High
Child Process

Package source references child process execution.

dist/clients/gitlab/mr.jsView on unpkg · L1
dist/build/runner.jsView file
19process.stdout.write(` $ ${cmd}\n`); L20: const result = spawnSync(cmd, { shell: true, stdio: 'inherit' }); L21: if (result.status !== 0) {
High
Shell

Package source references shell execution.

dist/build/runner.jsView on unpkg · L19
dist/setup/validate.jsView file
135{ L136: const { existsSync, readFileSync } = await import('node:fs'); L137: const { join } = await import('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/setup/validate.jsView on unpkg · L135
dist/setup/setup.jsView file
51process.stdout.write(' npm install -g @powerkraut/devkit ...\n'); L52: execSync('npm install -g @powerkraut/devkit', { stdio: 'inherit' }); L53: process.stdout.write('✅ Plugin geïnstalleerd\n');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/setup/setup.jsView on unpkg · L51
dist/tasks/story-lookup.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @powerkraut/devkit@0.7.11 matchedIdentity = npm:QHBvd2Vya3JhdXQvZGV2a2l0:0.7.11 similarity = 0.923 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/tasks/story-lookup.jsView on unpkg

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/tasks/story-lookup.js
HighChild Processdist/clients/gitlab/mr.js
HighShelldist/build/runner.js
HighRuntime Package Installdist/setup/setup.js
MediumDynamic Requiredist/setup/validate.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License