registry  /  @shipeasy/cli  /  2.6.0

@shipeasy/cli@2.6.0

CLI for the Shipeasy platform (flags, experiments, translations, bugs)

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `shipeasy mcp install`, `shipeasy setup`, or `shipeasy upgrade`.
Impact
Can add a Shipeasy MCP endpoint to supported agent configuration and invoke package-manager or agent CLI commands after user selection.
Mechanism
Explicit AI-agent MCP/skill registration and optional subprocess-based updates.
Rationale
No concrete malicious or unconsented install-time behavior was found. The explicit user-command mutation of AI-agent configuration is a risky capability that warrants a warning under the firewall policy.
Evidence
package.jsonbin/shipeasy.jsdist/index.js~/.claude/settings.json~/.cursor/mcp.json~/.codex/config.toml.mcp.json.cursor/mcp.json.vscode/mcp.jsonAGENTS.mdshipeasy-wiring.md
Network endpoints3
mcp.shipeasy.ai/mcpapi.shipeasy.airegistry.npmjs.org/@shipeasy/cli/latest

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` registers explicit `mcp install`, `setup`, and `upgrade` commands that configure AI-agent integrations.
  • `registerMcp` conditionally writes MCP entries for Claude, Cursor, Copilot, or invokes `codex mcp add`.
  • MCP configuration points to first-party `https://mcp.shipeasy.ai/mcp`; setup can install or refresh marketplace skills.
  • CLI invocation performs a cached update check against `https://registry.npmjs.org/@shipeasy/cli/latest`.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • `bin/shipeasy.js` only invokes `run()` after the user executes the CLI.
  • Agent-config and SDK-install behavior is attached to named user commands, with dry-run, scope, and prompt controls.
  • Network/auth code uses Shipeasy endpoints and stores its own credentials under the Shipeasy config directory; no arbitrary credential harvesting found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 25 file(s), 496 KB of source, external domains: 127.0.0.1, api.cursor.com, api.github.com, api.shipeasy.ai, app.shipeasy.ai, cdn.shipeasy.ai, claude.ai, docs.shipeasy.ai, github.com, jules.googleapis.com, mcp.shipeasy.ai, raw.githubusercontent.com, registry.npmjs.org, shipeasy.ai, www.w3.org

Source & flagged code

5 flagged · loading source
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @shipeasy/cli@2.4.0 matchedIdentity = npm:QHNoaXBlYXN5L2NsaQ:2.4.0 similarity = 0.960 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
46var import_node_http = __toESM(require("http")); L47: var import_node_child_process = require("child_process"); L48:
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L46
45var import_node_crypto = __toESM(require("crypto")); L46: var import_node_http = __toESM(require("http")); L47: var import_node_child_process = require("child_process"); L48: ... L55: function configPath() { L56: const xdg = process.env.XDG_CONFIG_HOME; L57: const root = xdg ? xdg : import_node_path.default.join(import_node_os.default.homedir(), ".config");
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L45
45var import_node_crypto = __toESM(require("crypto")); L46: var import_node_http = __toESM(require("http")); L47: var import_node_child_process = require("child_process"); L48: ... L55: function configPath() { L56: const xdg = process.env.XDG_CONFIG_HOME; L57: const root = xdg ? xdg : import_node_path.default.join(import_node_os.default.homedir(), ".config"); L58: return import_node_path.default.join(root, "shipeasy", "config.json"); ... L76: const raw = import_node_fs.default.readFileSync(configPath(), "utf-8"); L77: const parsed = JSON.parse(raw); L78: if (!parsed.project_id || !parsed.cli_token) return null; ... L136: if (url.pathname !== "/" && url.pathname !== "/callback") {
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

dist/index.jsView on unpkg · L45
bin/shipeasy.jsView file
1#!/usr/bin/env node L2: require("../dist/index.js").run();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/shipeasy.jsView on unpkg · L1

Findings

1 Critical3 High3 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighHost Fingerprint Exfiltrationdist/index.js
MediumDynamic Requirebin/shipeasy.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings