registry  /  @ureck/alexandria  /  0.2.1

@ureck/alexandria@0.2.1

Alexandria — bóveda de conocimiento local para agentes de IA (Claude Code, Cursor, OpenCode, Windsurf y más): captura automática, búsqueda semántica offline y grafo de conexiones estilo Obsidian. Ahorra tokens inyectando solo el contexto relevante.

AI Security Review

scanned 5d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface: the package is a local knowledge-vault CLI/MCP integration that intentionally registers hooks and MCP servers when invoked. It does have broad AI-agent extension lifecycle behavior, but it is user-command setup and package-aligned.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit commands such as `ale init`, `ale agents`, `ale doctor`, `ale skills`, or registered Claude hooks after setup.
Impact
Local prompts/transcripts may be stored in the configured vault and injected back as context; agent configs may be updated to point at this package's MCP server.
Mechanism
User-invoked local vault, hook, MCP, and skill setup
Rationale
Static inspection shows AI-agent config and hook registration, prompt/transcript capture, and runtime skill installation are explicit package features activated by user CLI commands, with no install-time execution or concrete exfiltration chain. This fits a warning for agent extension lifecycle risk rather than a publish block.
Evidence
package.jsondist/cli.jsdist/chunk-KHTYRYDR.jsdist/mcp/server.jsdist/hooks/on-prompt.jsdist/hooks/on-stop.jsdist/hooks/on-session-start.js.claude/settings.json~/.claude/settings.json.mcp.json~/.claude.json.cursor/mcp.json~/.config/opencode/opencode.jsonopencode.json~/.codeium/windsurf/mcp_config.jsoncline_mcp_settings.json~/.codex/config.toml~/.gemini/settings.json.gemini/settings.json~/.openclaw/openclaw.json~/.hermes/config.yaml.vscode/mcp.json
Network endpoints2
127.0.0.1:<dynamic-port>opencode.ai/config.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • The CLI registers Alexandria hooks/MCP into multiple AI-agent configs when users run `ale init`, `ale agents`, or `ale doctor`.
  • `dist/hooks/on-prompt.js` captures user prompts into the local vault and injects local search context into Claude Code prompt flow.
  • `dist/hooks/on-stop.js` reads Claude transcript paths provided by hook input and saves session summaries locally.
  • `dist/cli.js` can run `npx --yes skills add ... --yes` from explicit `ale skills` recommendations.
Evidence against
  • `package.json` has no preinstall/install/postinstall hooks; only `prepublishOnly` build script.
  • Agent config writes are explicit CLI commands matching README-described purpose, not install-time mutation.
  • MCP server tools read/write the configured local vault only; no remote exfiltration endpoint found.
  • Network-facing code is a localhost graph viewer at `127.0.0.1` and model dependency loading, package-aligned.
  • Child process use is for opening browser, `claude mcp add`, `hermes mcp add`, and explicit skill install commands.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 13 file(s), 75.5 KB of source, external domains: 127.0.0.1, nodejs.org, opencode.ai

Source & flagged code

2 flagged · loading source
dist/chunk-KHTYRYDR.jsView file
7import { fileURLToPath } from "url"; L8: import { execFileSync } from "child_process"; L9: function distDir() {
High
Child Process

Package source references child process execution.

dist/chunk-KHTYRYDR.jsView on unpkg · L7
dist/cli.jsView file
289try { L290: execFileSync("npx", ["--yes", "skills", "add", rec.skill, "--yes"], { L291: stdio: "pipe",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L289

Findings

3 High2 Medium4 Low
HighChild Processdist/chunk-KHTYRYDR.js
HighShell
HighRuntime Package Installdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings