registry  /  @rubytech/create-property-administrators  /  0.1.434

@rubytech/create-property-administrators@0.1.434

Install Property Administrators — Every detail handled with precision.

AI Security Review

scanned 8h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. An explicit CLI run provisions a broad local AI/admin platform, including service installation, bundled Claude plugins, and system changes. It also downloads and executes third-party installer scripts without integrity pinning. No unconsented npm install-time execution is present.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review
Trigger
User runs the `create-property-administrators` binary.
Impact
Remote installer compromise could execute code as the invoking user; the installed brand-scoped Claude environment defaults to bypassing permission prompts.
Mechanism
User-invoked platform provisioning with remote shell installers and brand-scoped Claude permission seeding.
Rationale
The package is not proven malicious because dangerous actions are explicit CLI installer behavior and there is no install hook. It remains risky enough to warn because it executes unpinned remote shell installers and seeds a permission-bypassing AI-agent configuration.
Evidence
package.jsondist/index.jsdist/permissions-seed.jsdist/specialist-registration.jspayload/platform/config/brand.json
Network endpoints2
ollama.ai/install.shastral.sh/uv/install.sh

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` executes the installer directly when its CLI binary is invoked.
  • `dist/index.js` uses `curl | sh` for `https://ollama.ai/install.sh` and `https://astral.sh/uv/install.sh`.
  • `dist/index.js` deploys bundled payloads, enables services, and performs privileged system configuration.
  • `dist/permissions-seed.js` writes a brand-scoped Claude `settings.json` with `defaultMode: bypassPermissions`.
  • `dist/specialist-registration.js` symlinks bundled agent definitions into the brand-scoped Claude agents directory.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • The risky actions are reached through the explicit `create-property-administrators` CLI, not package import.
  • Claude configuration is redirected to a per-brand `CLAUDE_CONFIG_DIR`, not the default user `.claude` directory.
  • No source evidence of credential harvesting or exfiltration to an unrelated endpoint was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
Manifest
NoLicense
scanned 807 file(s), 12.1 MB of source, external domains: 0.0.0.0, 127.0.0.1, api.anthropic.com, api.loop.software, api.propertydata.co.uk, api.replicate.com, api.telegram.org, appcenter.intuit.com, astral.sh, brew.sh, chevrotain.io, claude.ai, deb.nodesource.com, debian.neo4j.com, dl.google.com, docs.getmaxy.com, docs.realagent.network, en.wikipedia.org, fonts.googleapis.com, fonts.gstatic.com, getmaxy.com, github.com, graph.microsoft.com, langium.org, llmstxt.org, login.microsoftonline.com, maxy.bot, maxy.setup, ns.adobe.com, oauth.platform.intuit.com, ollama.ai, one.dash.cloudflare.com, platform.claude.com, player.vimeo.com, quickbooks.api.intuit.com, react.dev, registry.npmjs.org, sandbox-quickbooks.api.intuit.com, schema.org, www.anthropic.com, www.linkedin.com, www.w3.org, www.xfa.org, www.youtube-nocookie.com

Source & flagged code

24 flagged · loading source
payload/platform/scripts/smoke-boot-services.shView file
334patternName = generic_password severity = medium line = 334 matchedText = local ne...:-}"
Medium
Secret Pattern

Package contains a possible secret pattern.

payload/platform/scripts/smoke-boot-services.shView on unpkg · L334
dist/index.jsView file
139for (const host of ["registry.npmjs.org", "github.com"]) { L140: const dns = spawnSync("host", ["-W", "5", host], { encoding: "utf-8", stdio: "pipe", timeout: 10_000 }); L141: logFile(`DNS ${host}: ${dns.status === 0 ? "OK" : "FAIL"} — ${(dns.stdout || dns.stderr || "").trim().split("\n")[0]}`); ... L146: "--connect-timeout", "10", L147: "https://registry.npmjs.org/", L148: ], { encoding: "utf-8", stdio: "pipe", timeout: 15_000 }); ... L153: function captureNpmDebugLog() { L154: const logsDir = resolve(process.env.HOME ?? "/root", ".npm/_logs"); L155: if (!existsSync(logsDir))
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

dist/index.jsView on unpkg · L139
1#!/usr/bin/env node L2: import { execFileSync, spawn, spawnSync } from "node:child_process"; L3: import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, statSync, realpathSync, accessSync, consta... ... L9: import { buildHeartbeatCronBlock, mergeHeartbeatBlock } from "./cron-registration.js"; L10: import { validateTierFlag, validateEntitlementBase64, applyTierToAccountConfig, entitlementPath } from "./tier-flag.js"; L11: import { parseOsRelease, isUbuntuLike as isUbuntuLikePure, parseAptCacheCandidate, decideAptResolution, } from "./apt-resolve.js"; ... L49: } L50: const INSTALL_DIR = resolve(process.env.HOME ?? "/root", BRAND.installDir); L51: const PERSIST_DIR = resolve(process.env.HOME ?? "/root", BRAND.configDir); ... L105: ` ${BRAND.productName} Install Log — ${new Date().toISOString()}`, L106: ` Node ${process.version} | ${process.platform} ${process.arch}`, L107: "=".repeat(64),
Critical
Download Execute

Source downloads or fetches remote code and executes it.

dist/index.jsView on unpkg · L1
1Trigger-reachable chain: manifest.bin -> dist/index.js L1: #!/usr/bin/env node L2: import { execFileSync, spawn, spawnSync } from "node:child_process"; L3: import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, statSync, realpathSync, accessSync, consta... ... L9: import { buildHeartbeatCronBlock, mergeHeartbeatBlock } from "./cron-registration.js"; L10: import { validateTierFlag, validateEntitlementBase64, applyTierToAccountConfig, entitlementPath } from "./tier-flag.js"; L11: import { parseOsRelease, isUbuntuLike as isUbuntuLikePure, parseAptCacheCandidate, decideAptResolution, } from "./apt-resolve.js"; ... L49: } L50: const INSTALL_DIR = resolve(process.env.HOME ?? "/root", BRAND.installDir); L51: const PERSIST_DIR = resolve(process.env.HOME ?? "/root", BRAND.configDir); ... L105: ` ${BRAND.productName} Install Log — ${new Date().toISOString()}`, L106: ` Node ${process.version} | ${process.platform} ${process.arch}`, L107: "=".repeat(64),
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L1
1#!/usr/bin/env node L2: import { execFileSync, spawn, spawnSync } from "node:child_process"; L3: import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, statSync, realpathSync, accessSync, consta...
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L1
534// Fetch + dearmor the signing key, write to /etc/apt/trusted.gpg.d/. Pipe L535: // composition runs through bash -c so the curl|gpg pipeline is one L536: // privileged command rather than two separate sudo escalations.
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L534
1#!/usr/bin/env node L2: import { execFileSync, spawn, spawnSync } from "node:child_process"; L3: import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, statSync, realpathSync, accessSync, consta... ... L9: import { buildHeartbeatCronBlock, mergeHeartbeatBlock } from "./cron-registration.js"; L10: import { validateTierFlag, validateEntitlementBase64, applyTierToAccountConfig, entitlementPath } from "./tier-flag.js"; L11: import { parseOsRelease, isUbuntuLike as isUbuntuLikePure, parseAptCacheCandidate, decideAptResolution, } from "./apt-resolve.js"; ... L49: } L50: const INSTALL_DIR = resolve(process.env.HOME ?? "/root", BRAND.installDir); L51: const PERSIST_DIR = resolve(process.env.HOME ?? "/root", BRAND.configDir); ... L105: ` ${BRAND.productName} Install Log — ${new Date().toISOString()}`, L106: ` Node ${process.version} | ${process.platform} ${process.arch}`, L107: "=".repeat(64),
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L1
1Cross-file remote execution chain: dist/index.js spawns payload/platform/scripts/wifi-provision-server/server.js; helper contains network access plus dynamic code execution. L1: #!/usr/bin/env node L2: import { execFileSync, spawn, spawnSync } from "node:child_process"; L3: import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, statSync, realpathSync, accessSync, consta... ... L9: import { buildHeartbeatCronBlock, mergeHeartbeatBlock } from "./cron-registration.js"; L10: import { validateTierFlag, validateEntitlementBase64, applyTierToAccountConfig, entitlementPath } from "./tier-flag.js"; L11: import { parseOsRelease, isUbuntuLike as isUbuntuLikePure, parseAptCacheCandidate, decideAptResolution, } from "./apt-resolve.js"; ... L49: } L50: const INSTALL_DIR = resolve(process.env.HOME ?? "/root", BRAND.installDir); L51: const PERSIST_DIR = resolve(process.env.HOME ?? "/root", BRAND.configDir); ... L105: ` ${BRAND.productName} Install Log — ${new Date().toISOString()}`, L106: ` Node ${process.version} | ${process.platform} ${process.arch}`, L107: "=".repeat(64),
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L1
282function canSudo() { L283: const result = spawnSync("sudo", ["-n", "true"], { stdio: "pipe", timeout: 5_000 }); L284: return result.status === 0; ... L286: /** True when the npm global prefix's node_modules dir is writable by the current L287: * user (nvm/Homebrew installs) — meaning `npm install -g` needs no sudo. */ L288: function npm[redacted]() {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L282
1#!/usr/bin/env node L2: import { execFileSync, spawn, spawnSync } from "node:child_process"; L3: import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, statSync, realpathSync, accessSync, consta... ... L9: import { buildHeartbeatCronBlock, mergeHeartbeatBlock } from "./cron-registration.js"; L10: import { validateTierFlag, validateEntitlementBase64, applyTierToAccountConfig, entitlementPath } from "./tier-flag.js"; L11: import { parseOsRelease, isUbuntuLike as isUbuntuLikePure, parseAptCacheCandidate, decideAptResolution, } from "./apt-resolve.js"; ... L49: } L50: const INSTALL_DIR = resolve(process.env.HOME ?? "/root", BRAND.installDir); L51: const PERSIST_DIR = resolve(process.env.HOME ?? "/root", BRAND.configDir); ... L105: ` ${BRAND.productName} Install Log — ${new Date().toISOString()}`, L106: ` Node ${process.version} | ${process.platform} ${process.arch}`, L107: "=".repeat(64),
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.jsView on unpkg · L1
payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView file
path = payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.sh kind = payload_in_excluded_dir sizeBytes = 936 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkg
path = payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.sh kind = build_helper sizeBytes = 936 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkg
payload/server/public/brand/fonts/opensans-400.woff2View file
path = [redacted]-400.woff2 kind = high_entropy_blob sizeBytes = 13452 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

payload/server/public/brand/fonts/opensans-400.woff2View on unpkg
payload/platform/plugins/cloudflare/mcp/dist/lib/cloudflared.jsView file
matchType = normalized_sha256 matchedPackage = @rubytech/create-sitedesk-code@0.1.378 matchedPath = [redacted].js matchedIdentity = npm:[redacted]:0.1.378 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

payload/platform/plugins/cloudflare/mcp/dist/lib/cloudflared.jsView on unpkg
payload/platform/plugins/admin/lib/mcp-spawn-tee/index.jsView file
matchType = normalized_sha256 matchedPackage = @rubytech/create-sitedesk-code@0.1.378 matchedPath = [redacted]-spawn-tee/index.js matchedIdentity = npm:[redacted]:0.1.378 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

payload/platform/plugins/admin/lib/mcp-spawn-tee/index.jsView on unpkg
payload/platform/plugins/aeo/lib/mcp-spawn-tee/index.jsView file
matchType = normalized_sha256 matchedPackage = @rubytech/create-sitedesk-code@0.1.378 matchedPath = [redacted]-spawn-tee/index.js matchedIdentity = npm:[redacted]:0.1.378 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

payload/platform/plugins/aeo/lib/mcp-spawn-tee/index.jsView on unpkg
payload/platform/plugins/browser/lib/mcp-spawn-tee/index.jsView file
matchType = normalized_sha256 matchedPackage = @rubytech/create-sitedesk-code@0.1.378 matchedPath = [redacted]-spawn-tee/index.js matchedIdentity = npm:[redacted]:0.1.378 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

payload/platform/plugins/browser/lib/mcp-spawn-tee/index.jsView on unpkg
payload/platform/plugins/connector/lib/mcp-spawn-tee/index.jsView file
matchType = normalized_sha256 matchedPackage = @rubytech/create-sitedesk-code@0.1.378 matchedPath = [redacted]-spawn-tee/index.js matchedIdentity = npm:[redacted]:0.1.378 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

payload/platform/plugins/connector/lib/mcp-spawn-tee/index.jsView on unpkg
payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.jsView file
52patternName = generic_password severity = medium line = 52 matchedText = credenti..." },
Medium
Secret Pattern

Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.js

payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.jsView on unpkg · L52
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView file
28patternName = generic_password severity = medium line = 28 matchedText = password...nt",
Medium
Secret Pattern

Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js

payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L28
43patternName = generic_password severity = medium line = 43 matchedText = password...nt",
Medium
Secret Pattern

Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js

payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L43
57patternName = generic_password severity = medium line = 57 matchedText = password...nt",
Medium
Secret Pattern

Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js

payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L57
127patternName = generic_password severity = medium line = 127 matchedText = email: "...0*",
Medium
Secret Pattern

Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js

payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L127
payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.tsView file
73patternName = generic_password severity = medium line = 73 matchedText = { passwo...' },
Medium
Secret Pattern

Hardcoded password in payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.ts

payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.tsView on unpkg · L73

Findings

3 Critical12 High14 Medium9 Low
CriticalSame File Env Network Executiondist/index.js
CriticalDownload Executedist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
HighChild Processdist/index.js
HighShelldist/index.js
HighSandbox Evasion Gated Capabilitydist/index.js
HighCross File Remote Execution Contextdist/index.js
HighRuntime Package Installdist/index.js
HighShips High Entropy Blobpayload/server/public/brand/fonts/opensans-400.woff2
HighPayload In Excluded Dirpayload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.sh
HighKnown Malware Source Similaritypayload/platform/plugins/cloudflare/mcp/dist/lib/cloudflared.js
HighKnown Malware Source Similaritypayload/platform/plugins/admin/lib/mcp-spawn-tee/index.js
HighKnown Malware Source Similaritypayload/platform/plugins/aeo/lib/mcp-spawn-tee/index.js
HighKnown Malware Source Similaritypayload/platform/plugins/browser/lib/mcp-spawn-tee/index.js
HighKnown Malware Source Similaritypayload/platform/plugins/connector/lib/mcp-spawn-tee/index.js
MediumSecret Patternpayload/platform/scripts/smoke-boot-services.sh
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumProtestware
MediumShips Build Helperpayload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternpayload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.js
MediumSecret Patternpayload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
MediumSecret Patternpayload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
MediumSecret Patternpayload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
MediumSecret Patternpayload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
MediumSecret Patternpayload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.ts
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License