registry  /  @seekrit/cli  /  0.3.0

@seekrit/cli@0.3.0

End-to-end encrypted secrets manager CLI — inject decrypted secrets into any command.

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a secrets-manager CLI with explicit commands for login, key setup, secret CRUD, env export, command execution with injected secrets, and an optional package-owned MCP server.

Static reason
No blocking static signals were detected.
Trigger
User runs seekrit CLI commands or starts seekrit mcp.
Impact
Can access, decrypt, export, delete, or inject user-authorized secrets when invoked by the user or an MCP client with those credentials.
Mechanism
Explicit secrets manager CLI/MCP operations with configured credentials.
Rationale
The risky primitives are package-aligned and explicit user-invoked functionality for a secrets manager, including MCP tools, not install-time or hidden behavior. No evidence of unconsented exfiltration, remote payload execution, persistence, or AI-agent control hijack was found.
Evidence
package.jsonREADME.mddist/index.jsdist/mcp-hxTidFyj.js$XDG_CONFIG_HOME/seekrit/config.json~/.config/seekrit/config.jsonseekrit.json.env or user-supplied env/export paths
Network endpoints1
localhost:8787

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/mcp-hxTidFyj.js registers MCP tools that can reveal a secret when reveal:true and run user-specified commands with injected env.
  • dist/index.js run command spawns a user-supplied command with decrypted secrets in env.
  • dist/index.js and MCP can write config/project/env files on explicit commands.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • package.json bin is seekrit -> ./dist/index.js; behavior is CLI/MCP command-activated.
  • Network client only calls configured API base URL, default http://localhost:8787, using documented SEEKRIT credentials.
  • Secret decryption, service tokens, env injection, and token management match README-described secrets-manager functionality.
  • No eval/vm/Function, native binary loading, stealth persistence, destructive install behavior, or foreign AI-agent config mutation found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 2 file(s), 69.1 KB of source

Source & flagged code

3 flagged · loading source
dist/mcp-hxTidFyj.jsView file
Published source reference
Low
Ai Review Evidence

dist/mcp-hxTidFyj.js registers MCP tools that can reveal a secret when reveal:true and run user-specified commands with injected env.

dist/mcp-hxTidFyj.jsView on unpkg
dist/index.jsView file
Published source reference
Low
Ai Review Evidence

dist/index.js run command spawns a user-supplied command with decrypted secrets in env.

dist/index.jsView on unpkg
Published source reference
Low
Ai Review Evidence

dist/index.js and MCP can write config/project/env files on explicit commands.

dist/index.jsView on unpkg

Findings

2 Medium7 Low
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License
LowAi Review Evidencedist/mcp-hxTidFyj.js
LowAi Review Evidencedist/index.js
LowAi Review Evidencedist/index.js