registry  /  @uge/payo  /  1.1.1

@uge/payo@1.1.1

CLI tool to generate AI rules and skills for your project

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a user-invoked CLI that generates AI-assistant guidance files and can optionally drive locally installed AI CLIs.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs payo/npx @uge/payo and chooses generation options
Impact
Creates or renames documented guidance files in the current project; optional selected AI CLIs may contact their own providers under the user's account.
Mechanism
Interactive local file generation with optional AI CLI subprocesses
Rationale
The suspicious primitives are aligned with the documented CLI functionality and require explicit runtime use; there is no install-time execution, hidden endpoint, credential harvesting, or unconsented AI-agent control-surface mutation. Optional subprocess execution targets known local AI assistant CLIs to write requested guidance files.
Evidence
package.jsonREADME.mddist/index.jsAGENTS.mdCLAUDE.md.cursorrules.cursor/rules/**.github/copilot-instructions.md.github/instructions/**.claude/skills/**.agents/skills/**.windsurfrulesAI_RULES.md.payo/**bootstrap-prompt.md

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js imports child_process spawn/spawnSync for optional AI CLI execution
  • dist/index.js defines agent args with permissive flags for claude/copilot/antigravity/codex when user selects those tools
  • dist/index.js can write AI guidance files such as AGENTS.md, CLAUDE.md, .cursorrules, and .claude/skills/**
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks
  • README.md describes the CLI purpose: generate AI assistant rules/skills in the current project
  • dist/index.js only activates generation through the payo CLI flow, not on package import/install
  • dist/index.js network-like behavior is delegated to locally installed AI CLIs; no hardcoded exfiltration endpoint found
  • dist/index.js uses fs writes/renames for documented project artifacts and .payo session state
  • Scanner eval signal appears from bundled zod/JIT code, not package attack logic
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 471 KB of source, external domains: github.com, json-schema.org

Source & flagged code

4 flagged · loading source
dist/index.jsView file
171`)+` L172: `}var W_={id:"cursor",displayName:"Cursor",knownArtifacts:[".cursorrules",".cursor/rules"],generate:(r)=>[{path:".cursorrules",content:vr("Cursor Rules",r.sections)}],agent:{binary... L173: `),I=v.map((b)=>`- ${b}: one of [${ab(b,g).join(", ")}]`).join(`
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L171
171`)+` L172: `}var W_={id:"cursor",displayName:"Cursor",knownArtifacts:[".cursorrules",".cursor/rules"],generate:(r)=>[{path:".cursorrules",content:vr("Cursor Rules",r.sections)}],agent:{binary... L173: `),I=v.map((b)=>`- ${b}: one of [${ab(b,g).join(", ")}]`).join(` ... L176: `),"Review your stack"),await g()==="generate")return v;let i=OX(r,v),u=await $(i);if(!u)continue;let I=i.find((U)=>U.id===u);if(!I)continue;if(I.kind==="gate")v=EX(r,v,u);else{let... L177: `),`Recommended ${g.title} settings`)}let b=await $v({id:g.id,type:"select",message:`${g.title} — how to proceed?`,options:U,allowOther:!1},v.answers);v=Ar(v,g.id,b),I=n1(b)}if(I==... L178: `)}];var dN={id:"tailwind",title:"Tailwind CSS",category:"styling",appliesTo:(r)=>r.stylingLibrary==="tailwind",questions:()=>[{id:"tailwind.config",type:"select",summary:"Config s...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L171
161`)})}let z=r.documentation;if(Array.isArray(z)&&z.length){let V=z.map((H)=>nX[H]??`- Maintain ${H} documentation.`);v.push({title:"Documentation",body:V.join(` L162: `)})}let N=Jr(r,"logger"),j=N==="centralized"?"- Build one simple centralized logger module (a thin wrapper over the stdlib output) and import it everywhere; no third-party logging... L163: `)});let k=r.testTypes,G=["- Keep a separate testing setup: dedicated test config and directory layout; use fixtures/factories."];if(Array.isArray(k)&&k.length)G.unshift(`- Test ty... ... L171: `)+` L172: `}var W_={id:"cursor",displayName:"Cursor",knownArtifacts:[".cursorrules",".cursor/rules"],generate:(r)=>[{path:".cursorrules",content:vr("Cursor Rules",r.sections)}],agent:{binary... L173: `),I=v.map((b)=>`- ${b}: one of [${ab(b,g).join(", ")}]`).join(` ... L176: `),"Review your stack"),await g()==="generate")return v;let i=OX(r,v),u=await $(i);if(!u)continue;let I=i.find((U)=>U.id===u);if(!I)continue;if(I.kind==="gate")v=EX(r,v,u);else{let... L177: `),`Recommended ${g.title} settings`)}let b=await $v({id:g.id,type:"select",message:`${g.title} — how to proceed?`,options:U,allowOther:!1},v.answers);v=Ar(v,g.id,b),I=n1(b)}if(I
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L161
83${I} L84: `}}}}).prompt();import dv from"fs";import BW from"path";import{randomUUID as AW}from"crypto";var Gr={};xr(Gr,{xor:()=>VD,xid:()=>d0,void:()=>LD,uuidv7:()=>l0,uuidv6:()=>R0,uuidv4:(... L85: `)}var Q$=(r)=>(v,n,g,$)=>{let i=g?{...g,async:!1}:{async:!1},u=v._zod.run({value:n,issues:[]},i);if(u instanceof Promise)throw new Mr;if(u.issues.length){let I=new($?.Err??r)(u.is...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L83

Findings

3 High2 Medium5 Low
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings