registry  /  @toolfactory.dev/core  /  1.0.0-rc.2

@toolfactory.dev/core@1.0.0-rc.2

Shared codegen library for api2ai and db2ai

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a shared code-generation library that emits MCP host/runtime files and project stubs when its exported helpers are invoked.

Static reason
No blocking static signals were detected.
Trigger
npm postinstall runs husky; runtime behavior requires importing ./codegen helpers or running generated hosts
Impact
User-invoked file generation and local server hosting; no observed credential exfiltration or AI-agent control hijack
Mechanism
code generation helpers, local env loading, generated local HTTP MCP server templates
Rationale
Static inspection found lifecycle and code-generation primitives, but they are package-aligned and user-invoked with no concrete malicious chain. The postinstall husky hook is not an AI-agent control-surface mutation and no exfiltration, remote code execution, or stealth persistence was found.
Evidence
package.jsonout/codegen/index.jsout/codegen/project-bootstrap.jsout/codegen/render-http-mcp-server.jsout/codegen/render-oauth-http-mcp-server.jsout/codegen/render-mcp-host-shared.jsout/codegen/mcp-host-product-runtime.jsout/scripts/render-kill-listeners-on-port.mjs.jsout/codegen/auth-stub-bootstrap.jsout/codegen/logging-adapter-bootstrap.jsout/codegen/write-demos-test-support.js

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines postinstall "husky", an install-time lifecycle command
  • out/scripts/render-kill-listeners-on-port.mjs.js renders a user-invoked helper using execSync to run lsof/ps/kill
  • out/codegen/project-bootstrap.js and auth/logging bootstrap files write generated project files when called
Evidence against
  • package.json exports only ./codegen and has no bin entrypoint
  • No preinstall/install/postinstall code in package source writes AI-agent config or exfiltrates data
  • Network code in out/codegen/render-http-mcp-server.js and render-oauth-http-mcp-server.js renders user-run local MCP HTTP servers
  • Env and credential handling is for generated MCP host auth/base URL context, not harvesting or outbound transmission
  • No hardcoded external exfiltration endpoint, dynamic remote payload loading, eval/vm, persistence, or destructive install behavior found
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 27 file(s), 127 KB of source, external domains: 127.0.0.1

Source & flagged code

1 flagged · loading source
package.jsonView file
scripts.postinstall = husky
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 High2 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings