registry  /  @supersession/sup  /  0.1.4

@supersession/sup@0.1.4

Your AI coding session, superseded — hand it off to any tool and keep going.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `sup <tool>`, `sup refresh`, `sup push`, or invokes the MCP handoff/refresh tool.
Impact
A user or connected agent can place session-derived instructions into `AGENTS.md` or related tool files; explicit cloud/LLM use transfers session content to configured endpoints.
Mechanism
Session harvesting, redaction, agent-file generation, and optional cloud/LLM transfer.
Rationale
No concrete malicious or install-time behavior was found. The package nonetheless has explicit user-command/MCP capability to alter AI-agent control files and transfer session data, so it warrants a warn rather than a clean verdict under the stated policy.
Evidence
package.jsondist/cli.jsdist/mcp.jsdist/tools.jsdist/discover.jsdist/cloud.jsdist/llm.jsdist/redact.jsdist/login-browser.jsAGENTS.mdCLAUDE.local.mdGEMINI.md~/.supersession/config.json~/.claude/projects~/.codex/sessions
Network endpoints4
supersession.supersession.workers.devsupersession-web.supersession.workers.devapi.anthropic.comapi.openai.com

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/tools.js` maps Codex/Cursor handoffs to project `AGENTS.md`.
  • `dist/cli.js` writes handoff files after explicit CLI commands.
  • `dist/mcp.js` exposes `handoff`/`refresh` tools that write target agent files.
  • `dist/discover.js` reads Claude Code, Codex, and Cursor session stores.
  • `dist/cloud.js` uploads complete redacted session objects on explicit `sup push`.
  • `dist/llm.js` sends redacted transcript prompts when user API keys are configured.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • Writes occur only through user-invoked CLI commands or MCP tool calls.
  • `dist/redact.js` redacts recognized secrets before distillation and cloud upload.
  • `dist/login-browser.js` binds OAuth callback only to `127.0.0.1` and validates state.
  • No remote code loading, eval/vm use, destructive deletion, or stealth persistence found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 22 file(s), 105 KB of source, external domains: 127.0.0.1, api.anthropic.com, api.openai.com, supersession-web.supersession.workers.dev, supersession.supersession.workers.dev

Source & flagged code

5 flagged · loading source
dist/tools.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/tools.js` maps Codex/Cursor handoffs to project `AGENTS.md`.

dist/tools.jsView on unpkg
dist/cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli.js` writes handoff files after explicit CLI commands.

dist/cli.jsView on unpkg
dist/mcp.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/mcp.js` exposes `handoff`/`refresh` tools that write target agent files.

dist/mcp.jsView on unpkg
dist/discover.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/discover.js` reads Claude Code, Codex, and Cursor session stores.

dist/discover.jsView on unpkg
dist/cloud.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cloud.js` uploads complete redacted session objects on explicit `sup push`.

dist/cloud.jsView on unpkg

Findings

7 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/tools.js
MediumAi Review Evidencedist/cli.js
MediumAi Review Evidencedist/mcp.js
MediumAi Review Evidencedist/discover.js
MediumAi Review Evidencedist/cloud.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings