AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a secrets-manager CLI with explicit commands for login, key setup, secret CRUD, env export, command execution with injected secrets, and an optional package-owned MCP server.
Decision evidence
public snapshot- dist/mcp-hxTidFyj.js registers MCP tools that can reveal a secret when reveal:true and run user-specified commands with injected env.
- dist/index.js run command spawns a user-supplied command with decrypted secrets in env.
- dist/index.js and MCP can write config/project/env files on explicit commands.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- package.json bin is seekrit -> ./dist/index.js; behavior is CLI/MCP command-activated.
- Network client only calls configured API base URL, default http://localhost:8787, using documented SEEKRIT credentials.
- Secret decryption, service tokens, env injection, and token management match README-described secrets-manager functionality.
- No eval/vm/Function, native binary loading, stealth persistence, destructive install behavior, or foreign AI-agent config mutation found.
Source & flagged code
3 flagged · loading sourcedist/mcp-hxTidFyj.js registers MCP tools that can reveal a secret when reveal:true and run user-specified commands with injected env.
dist/mcp-hxTidFyj.jsView on unpkgdist/index.js run command spawns a user-supplied command with decrypted secrets in env.
dist/index.jsView on unpkgdist/index.js and MCP can write config/project/env files on explicit commands.
dist/index.jsView on unpkg