registry  /  @toolfactory.dev/core  /  1.0.0-rc.6

@toolfactory.dev/core@1.0.0-rc.6

Shared codegen library for api2ai and db2ai

AI Security Review

scanned 32m ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a shared codegen library for MCP hosts; suspicious primitives are guarded lifecycle/dev tooling or user-invoked generators.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install, importing ./codegen, or explicit downstream generator/runtime use
Impact
Install in the published package does not execute build/husky paths; runtime helpers may read local env files and generate project files only when called by consumers.
Mechanism
guarded dev lifecycle scripts and user-invoked MCP code generation/runtime helpers
Rationale
Static inspection found install-time scripts, env handling, local HTTP runtime templates, and file-writing codegen helpers, but they are package-aligned and either guarded to a dev checkout absent from the tarball or activated by explicit consumer codegen/runtime use. No exfiltration, remote payload loading, stealth persistence, destructive behavior, or unconsented AI-agent control-surface mutation was found.
Evidence
package.jsonscripts/npm-prepare.mjsscripts/npm-postinstall.mjsout/codegen/index.jsout/codegen/project-bootstrap.jsout/codegen/auth-stub-bootstrap.jsout/codegen/templates/mcp-host-shared.template.jsout/codegen/templates/http-runtime.template.jsout/codegen/templates/oauth-http-runtime.template.jssrc/codegen/index.tsnode_modules/husky/bin.js.env.env.localsrc/hooks/<product>/<module>/*.tsgenerated/<product>/mcp-build-generated-at.ts
Network endpoints5
github.com/annettedorothea/core2aigithub.com/annettedorothea/api2aigithub.com/annettedorothea/db2ai127.0.0.1:<port>/mcp<listenHost>:<port>/mcp

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines postinstall and prepare lifecycle scripts.
  • scripts/npm-prepare.mjs and scripts/npm-postinstall.mjs import child_process.execSync.
  • out/codegen/* exports MCP host/codegen helpers that can write generated files and read .env/.env.local when invoked.
  • out/codegen/templates/* can generate local HTTP/OAuth MCP runtimes.
Evidence against
  • Published package has no src/ directory, so both lifecycle scripts' dev-checkout guards are false in this tarball.
  • No fetch/axios/undici or remote network client code found; HTTP references are local server/runtime templates or README GitHub links.
  • No credential harvesting or exfiltration path found; credential/env handling is passed into generated MCP hosts for user-invoked runtime behavior.
  • File writes are explicit codegen/bootstrap outputs under caller-provided project paths, not install/import-time mutation.
  • No broad AI-agent config writes such as Cursor/Claude/Codex settings mutation were found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 43 file(s), 121 KB of source, external domains: 127.0.0.1

Source & flagged code

1 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/npm[redacted]
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 High3 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings