registry  /  @sgtbeatdown/edc  /  1.1.2

@sgtbeatdown/edc@1.1.2

EDC — Every Day Carry skills for AI coding agents. Deep codebase understanding and context-aware code review.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack chain was found. This is an explicitly installed AI-agent extension that persists package-owned skills, hooks, and runtime files in agent and project locations.

Static reason
No blocking static signals were detected.
Trigger
User runs install.sh for an agent, or activates the installed Claude/Cursor/Pi extension in a project.
Impact
Can influence supported AI-agent sessions and execute its bundled review orchestration in the active project.
Mechanism
Agent-hook context injection and package-owned runtime deployment.
Rationale
Source shows first-party AI-agent extension setup and session hooks, which warrants a warning under the stated lifecycle policy. No concrete malicious behavior was established.
Evidence
package.jsoninstall.shplugins/edc/hooks/hooks.jsonplugins/edc/hooks/lib/route.mjsplugins/edc/hooks/session-start.mjspi/index.mjs~/.codex/skills~/.cursor/skills~/.cursor/commands~/.edc/scripts~/.edc/skills~/.zshrc~/.bashrc.edc/scripts.edc/hooks/lib.edc/skills
Network endpoints2
raw.githubusercontent.com/almogdepaz/edc/main/install.shgithub.com/almogdepaz/EDC/archive/refs/tags/

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • install.sh explicitly writes global Codex skills under ~/.codex/skills.
  • install.sh writes Cursor command wrappers and adds ~/.edc/scripts to shell PATH unless --no-path.
  • hooks.json registers SessionStart and PreToolUse hook commands for supported agent platforms.
  • hooks/lib/route.mjs copies executable runtime and prompt bundles into project .edc/ on agent session start.
Evidence against
  • package.json has only prepublishOnly; no preinstall, install, or postinstall hook.
  • No credential-path harvesting or network exfiltration code found in reviewed runtime files.
  • Network use is limited to explicit installer GitHub archive download and user-requested gh PR diff.
  • Hook injection is gated on an EDC project manifest and non-advisory context mode.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 102 KB of source

Source & flagged code

1 flagged · loading source
plugins/edc/scripts/edc-doctor.shView file
path = plugins/edc/scripts/edc-doctor.sh kind = build_helper sizeBytes = 2739 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

plugins/edc/scripts/edc-doctor.shView on unpkg

Findings

3 Medium4 Low
MediumEnvironment Vars
MediumShips Build Helperplugins/edc/scripts/edc-doctor.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings