registry  /  @ryangallacher/design-system  /  0.2.0

@ryangallacher/design-system@0.2.0

Personal design system — reusable UI components and design tokens

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User explicitly runs the `design-system` bin; configured agent later launches `mcp/server.mjs`.
Impact
Adds a package-owned MCP command to project `.mcp.json` and optionally Claude settings; no exfiltration or remote execution observed.
Mechanism
Explicit MCP configuration mutation and local manifest-backed stdio server.
Rationale
The explicit agent-config mutation is a real capability and warrants a warning under the stated policy, but it is user-invoked and package-aligned rather than covert install-time control hijacking. No concrete malicious chain was found.
Evidence
package.jsonmcp/init.mjsmcp/server.mjsdist/index.jsdist/adaptive.js.mcp.json.claude/settings.jsoncomponents.jsondist/manifest.json

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `mcp/init.mjs` is an executable bin that writes cwd `.mcp.json`.
  • `mcp/init.mjs` also adds its server to `.claude/settings.json` when `.claude` exists.
  • `mcp/server.mjs` writes `components.json` beside the installed package at startup.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • MCP configuration writes occur only when the user explicitly invokes the `design-system` bin.
  • `mcp/server.mjs` reads local `dist/manifest.json` and uses stdio transport; no network client/endpoints found.
  • Published UI entrypoints contain component exports and no Node built-in imports or shell execution.
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 197 KB of source, external domains: fb.me, www.w3.org

Source & flagged code

3 flagged · loading source
mcp/init.mjsView file
Published source reference
Medium
Ai Review Evidence

`mcp/init.mjs` is an executable bin that writes cwd `.mcp.json`.

mcp/init.mjsView on unpkg
Published source reference
Medium
Ai Review Evidence

`mcp/init.mjs` also adds its server to `.claude/settings.json` when `.claude` exists.

mcp/init.mjsView on unpkg
mcp/server.mjsView file
Published source reference
Medium
Ai Review Evidence

`mcp/server.mjs` writes `components.json` beside the installed package at startup.

mcp/server.mjsView on unpkg

Findings

4 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencemcp/init.mjs
MediumAi Review Evidencemcp/init.mjs
MediumAi Review Evidencemcp/server.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings