registry  /  @testsprite/testsprite-cli  /  0.4.0

@testsprite/testsprite-cli@0.4.0

Official TestSprite command-line interface

AI Security Review

scanned 8h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is established. An explicit `testsprite agent install` command writes persistent TestSprite instructions into selected project AI-agent configuration paths, including a managed section in `AGENTS.md`.

Static reason
No blocking static signals were detected.
Trigger
User runs `testsprite agent install` or setup that invokes it.
Impact
Installed guidance can affect subsequent coding-agent behavior in that project; it is user-invoked and path-constrained.
Mechanism
Explicit project-scoped AI-agent extension setup.
Rationale
Not malicious by source inspection: there are no lifecycle hooks or concrete attack chain. The explicit persistent AI-agent configuration capability warrants a warning under the firewall policy.
Evidence
package.jsondist/index.jsdist/commands/agent.jsdist/lib/agent-targets.jsdist/lib/credentials.jsdist/lib/update-check.jsAGENTS.md.claude/skills/testsprite-verify/SKILL.md.cursor/rules/testsprite-verify.mdc.github/instructions/testsprite-verify.instructions.md~/.testsprite/update-check.json
Network endpoints2
api.testsprite.comregistry.npmjs.org/@testsprite%2ftestsprite-cli/latest

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/commands/agent.js` implements explicit `testsprite agent install` project-file writes.
  • `dist/lib/agent-targets.js` targets `AGENTS.md` and agent instruction directories including `.claude`, `.cursor`, and `.github`.
  • Agent installation persists TestSprite verification/onboarding instructions that can influence coding-agent behavior.
  • `dist/index.js` performs a TTY-gated update check and writes a local update cache.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • Agent writes require an explicit CLI subcommand and constrain paths beneath the selected `--dir`.
  • `dist/commands/agent.js` rejects symlink traversal and preserves content outside its Codex managed section.
  • No child-process, shell, eval/vm, dynamic payload-loading, credential harvesting, or unconsented exfiltration was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 40 file(s), 794 KB of source, external domains: api.testsprite.com, example.com, nodejs.org, registry.npmjs.org, s3-presigned.example.com, staging.example.com, www.testsprite.com, your-app.com

Source & flagged code

3 flagged · loading source
dist/commands/agent.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/commands/agent.js` implements explicit `testsprite agent install` project-file writes.

dist/commands/agent.jsView on unpkg
dist/lib/agent-targets.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/lib/agent-targets.js` targets `AGENTS.md` and agent instruction directories including `.claude`, `.cursor`, and `.github`.

dist/lib/agent-targets.jsView on unpkg
dist/index.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/index.js` performs a TTY-gated update check and writes a local update cache.

dist/index.jsView on unpkg

Findings

6 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/commands/agent.js
MediumAi Review Evidencedist/lib/agent-targets.js
MediumAi Review Evidence
MediumAi Review Evidencedist/index.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings