registry  /  @syntharil/cli  /  0.2.1

@syntharil/cli@0.2.1

Syntharil CLI — observe seeding/replication/metadata jobs from your terminal or agent

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The CLI sends explicit user-command API requests and stores its own OAuth token locally after login.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes syntharil login, logout, or jobs commands.
Impact
Can manage the user's authorized Syntharil jobs and local CLI token only.
Mechanism
Authenticated Syntharil job-management CLI
Rationale
Source inspection shows a conventional CLI with no install-time execution and no concrete exfiltration or persistence beyond its own token config. Scanner signals arise from legitimate authenticated API, environment, filesystem, and bundled dependency use.
Evidence
package.jsonREADME.mddist/index.mjs~/.config/syntharil/config.json
Network endpoints3
prod.syntharil.app/api/v1/oauth/revoke/api/v1/jobs

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hook.
    • dist/index.mjs only runs through the declared syntharil CLI bin.
    • Network requests are authenticated API calls to the configured Syntharil endpoint.
    • Token persistence is limited to ~/.config/syntharil/config.json with mode 0600.
    • Job run/cancel actions are explicit user CLI commands.
    • No harvesting, arbitrary shell execution, remote payload loading, or agent-control writes found.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsNetwork
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    Manifest
    WildcardDependency
    scanned 1 file(s), 360 KB of source, external domains: 127.0.0.1, json-schema.org, prod.syntharil.app

    Source & flagged code

    3 flagged · loading source
    dist/index.mjsView file
    14(Did you mean one of ${o.join(", ")}?)`:o.length===1?` L15: (Did you mean ${o[0]}?)`:""}du.suggestSimilar=ap});var hu=ye(Yn=>{var sp=ct("node:events").EventEmitter,qn=ct("node:child_process"),ae=ct("node:path"),Wt=ct("node:fs"),I=ct("node:p... L16: - specify the name in Command constructor or using .name()`);return n=n||{},n.isDefault&&(this._defaultCommandName=r._name),(n.noHelp||n.hidden)&&(r._hidden=!0),this._registerComma...
    High
    Child Process

    Package source references child process execution.

    dist/index.mjsView on unpkg · L14
    14(Did you mean one of ${o.join(", ")}?)`:o.length===1?` L15: (Did you mean ${o[0]}?)`:""}du.suggestSimilar=ap});var hu=ye(Yn=>{var sp=ct("node:events").EventEmitter,qn=ct("node:child_process"),ae=ct("node:path"),Wt=ct("node:fs"),I=ct("node:p... L16: - specify the name in Command constructor or using .name()`);return n=n||{},n.isDefault&&(this._defaultCommandName=r._name),(n.noHelp||n.hidden)&&(r._hidden=!0),this._registerComma... ... L27: Expecting one of '${o.join("', '")}'`);let e=`${r}Help`;return this.on(e,i=>{let a;typeof n=="function"?a=n({error:i.error,command:i.command}):a=n,a&&i.write(`${a} L28: `)}),this}_outputHelpIfRequested(r){let n=this._getHelpOption();n&&r.find(e=>n.is(e))&&(this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)"))}};function gu(t){r... L29: `,{mode:384}),gp(r,384)}function Su(t=ti()){$p(t,{force:!0})}function lt(t,r=process.env,n=ri()){return{apiUrl:t.apiUrl||r.SYNTHARIL_API_URL||n.apiUrl||ei,token:t.token||r.SYNTHARI...
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/index.mjsView on unpkg · L14
    14(Did you mean one of ${o.join(", ")}?)`:o.length===1?` L15: (Did you mean ${o[0]}?)`:""}du.suggestSimilar=ap});var hu=ye(Yn=>{var sp=ct("node:events").EventEmitter,qn=ct("node:child_process"),ae=ct("node:path"),Wt=ct("node:fs"),I=ct("node:p... L16: - specify the name in Command constructor or using .name()`);return n=n||{},n.isDefault&&(this._defaultCommandName=r._name),(n.noHelp||n.hidden)&&(r._hidden=!0),this._registerComma... ... L27: Expecting one of '${o.join("', '")}'`);let e=`${r}Help`;return this.on(e,i=>{let a;typeof n=="function"?a=n({error:i.error,command:i.command}):a=n,a&&i.write(`${a} L28: `)}),this}_outputHelpIfRequested(r){let n=this._getHelpOption();n&&r.find(e=>n.is(e))&&(this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)"))}};function gu(t){r... L29: `,{mode:384}),gp(r,384)}function Su(t=ti()){$p(t,{force:!0})}function lt(t,r=process.env,n=ri()){return{apiUrl:t.apiUrl||r.SYNTHARIL_API_URL||n.apiUrl||ei,token:t.token||r.SYNTHARI...
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/index.mjsView on unpkg · L14

    Findings

    3 High3 Medium3 Low
    HighChild Processdist/index.mjs
    HighSame File Env Network Executiondist/index.mjs
    HighCommand Output Exfiltrationdist/index.mjs
    MediumNetwork
    MediumEnvironment Vars
    MediumWildcard Dependency
    LowScripts Present
    LowHigh Entropy Strings
    LowUrl Strings