registry  /  @principal-ai/principal-view-cli  /  0.32.0

@principal-ai/principal-view-cli@0.32.0

Principal View CLI - Validate and manage .canvas configuration files

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Risky primitives are tied to documented, user-invoked CLI features for project setup, browser opening, token-authenticated Principal ADE APIs, local bridge handoff, and viewer launch.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs specific CLI subcommands such as init, hooks --init/--add, trail, topic, inbox, or starred-collections.
Impact
Expected project file creation/hooks setup or package-aligned API interaction; no unconsented install-time behavior found.
Mechanism
user-invoked CLI project setup, authenticated API calls, local viewer/browser launch
Rationale
Static source inspection shows no lifecycle execution and no concrete malicious chain; scanner findings map to explicit CLI features and package-aligned network/token use. The husky/package-manager mutations are user-command setup behavior, not unconsented install-time persistence or AI-agent hijacking.
Evidence
package.jsondist/index.jsdist/commands/init.jsdist/commands/hooks.jsdist/commands/starred-collections.jsdist/commands/trail.jsdist/lib/open-url.jsdist/lib/bridge-ipc.jsdist/lib/github-user.js.principal-views/.principal-views/<name>.canvas.principal-views/library.yaml.husky/pre-commit
Network endpoints5
app.principal-ade.comapi.github.comlocalhost:3044127.0.0.1:3044[::1]:3044

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/commands/init.js can install husky and write .husky/pre-commit, but only when user runs principal-ai init without --no-husky.
  • dist/commands/hooks.js can run npm install --save-dev husky and mutate .husky/pre-commit, gated by explicit hooks --init/--add commands.
  • dist/commands/trail.js resolves GitHub tokens via gh/git credential and may pass TRAIL_GH_TOKEN to first-party @principal-ai/trail-viewer in remote mode.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts; prepack is publish-time build only.
  • dist/index.js only wires commander subcommands and parses argv; no import-time install or network action found.
  • Network calls are command-scoped and package-aligned: app.principal-ade.com APIs, api.github.com user lookup, and localhost bridge/collector endpoints.
  • dist/commands/starred-collections.js uses GitHub token as Authorization only for Principal ADE starred-collections API after user invokes that command.
  • dist/lib/open-url.js only spawns platform browser opener for user-facing URL open behavior.
  • No evidence of credential harvesting, stealth persistence, destructive behavior, remote payload execution, or broad AI-agent control-surface mutation.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 51 file(s), 826 KB of source, external domains: api.github.com, app.principal-ade.com, github.com, lucide.dev, opentelemetry.io, refactoring.guru, www.typescriptlang.org
Oversized source lightweight scan
dist/index.cjs12.0 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsHighEntropyStringsUrlStringsapp.principal-ade.comrefactoring.guruwww.typescriptlang.org

Source & flagged code

10 flagged · loading source
dist/commands/trail.jsView file
68patternName = generic_password severity = medium line = 68 matchedText = const to...m();
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/commands/trail.jsView on unpkg · L68
dist/lib/open-url.jsView file
9*/ L10: import { spawn } from 'node:child_process'; L11: export function openInBrowser(url) {
High
Child Process

Package source references child process execution.

dist/lib/open-url.jsView on unpkg · L9
dist/commands/starred-collections.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @principal-ai/principal-view-cli@0.31.1 matchedIdentity = npm:[redacted]:0.31.1 similarity = 0.980 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/starred-collections.jsView on unpkg
10import { Command } from 'commander'; L11: import { spawnSync } from 'node:child_process'; L12: const BASE_URL = process.env.PRINCIPAL_ADE_BASE_URL?.replace(/\/+$/, '') || L13: 'https://app.principal-ade.com'; L14: // ============================================================================
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/commands/starred-collections.jsView on unpkg · L10
39patternName = generic_password severity = medium line = 39 matchedText = const to...m();
Medium
Secret Pattern

Hardcoded password in dist/commands/starred-collections.js

dist/commands/starred-collections.jsView on unpkg · L39
dist/commands/hooks.jsView file
4* This command installs/removes pre-commit hooks into a target project L5: * that will run `npx @principal-ai/principal-view-cli doctor` and `npx @principal-ai/principal-view-cli validate` before each commit. L6: */ ... L10: import chalk from 'chalk'; L11: import { execSync } from 'node:child_process'; L12: const HUSKY_DIR = '.husky';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/hooks.jsView on unpkg · L4
dist/index.cjsView file
path = dist/index.cjs kind = oversized_source_file sizeBytes = 12549730 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.cjsView on unpkg
path = dist/index.cjs kind = oversized_cli_entrypoint sizeBytes = 12549730 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.cjsView on unpkg
dist/commands/inbox.jsView file
37patternName = generic_password severity = medium line = 37 matchedText = const to...m();
Medium
Secret Pattern

Hardcoded password in dist/commands/inbox.js

dist/commands/inbox.jsView on unpkg · L37
dist/commands/topic.jsView file
47patternName = generic_password severity = medium line = 47 matchedText = const to...m();
Medium
Secret Pattern

Hardcoded password in dist/commands/topic.js

dist/commands/topic.jsView on unpkg · L47

Findings

1 Critical5 High8 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/commands/starred-collections.js
HighChild Processdist/lib/open-url.js
HighShell
HighSame File Env Network Executiondist/commands/starred-collections.js
HighRuntime Package Installdist/commands/hooks.js
HighOversized Source Filedist/index.cjs
MediumSecret Patterndist/commands/trail.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/index.cjs
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/commands/starred-collections.js
MediumSecret Patterndist/commands/inbox.js
MediumSecret Patterndist/commands/topic.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings