AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Explicit CLI and MCP actions can intentionally decrypt, export, or inject managed secrets and call the configured Seekrit API.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `seekrit` commands or explicitly starts `seekrit mcp`.
Impact
Expected privileged secrets-management behavior; no unconsented install-time execution or unrelated exfiltration found.
Mechanism
Authenticated Seekrit API client with user-invoked secret materialization and process launching.
Rationale
The flagged primitives are package-aligned and activated only by explicit CLI or MCP use. Static inspection found no lifecycle persistence, stealth execution, foreign AI-agent configuration mutation, or concrete exfiltration chain.
Evidence
package.jsondist/index.jsdist/mcp-ARBuneH3.jsREADME.md
Network endpoints1
api.seekrit.dev
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/index.js` spawns only the command explicitly passed to `seekrit run`, with resolved secrets in its environment.
- `dist/mcp-ARBuneH3.js` exposes explicit MCP tools to run a requested command and write a requested dotenv path.
- `dist/index.js` reads credential and cloud-provider environment variables for documented secret-management commands.
Evidence against
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- `dist/index.js` has one API transport, targeting the configured base URL (default `https://api.seekrit.dev`).
- No `eval`, `Function`, VM loading, remote code loading, shell-string execution, or hidden binary loading was found.
- Filesystem writes are tied to explicit commands: Seekrit config, `seekrit.json`, SSH output, or MCP-requested dotenv export.
- `dist/index.js` starts MCP only through the explicit `seekrit mcp` command over stdio.
- The scanner's token/secret indicators match this package's stated encrypted-secrets-manager function.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
1171patternName = private_key_openssh
severity = critical
line = 1171
matchedText = return `...\n`;
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/index.jsView on unpkg · L11711171patternName = private_key_openssh
severity = critical
line = 1171
matchedText = return `...\n`;
Critical
Findings
2 Critical2 Medium5 Low
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License