registry  /  @ureck/alexandria  /  0.5.2

@ureck/alexandria@0.5.2

Alexandria — bóveda de conocimiento local para agentes de IA (Claude Code, Cursor, OpenCode, Windsurf y más): captura automática, búsqueda semántica offline y grafo de conexiones estilo Obsidian. Ahorra tokens inyectando solo el contexto relevante.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI setup persists Alexandria MCP/hook integrations across supported AI-agent configurations. This is an agent-extension lifecycle surface, not install-time execution.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `ale init`, `ale agents`, or `ale skills`.
Impact
Future configured agent sessions can invoke Alexandria hooks/MCP and receive its local-vault context.
Mechanism
Writes agent configuration/hooks and optionally installs recommended skills via `npx`.
Rationale
No malicious install-time or covert attack behavior was found. Flag as warn because explicit setup creates persistent AI-agent hooks/configuration and can install third-party skills at runtime.
Evidence
package.jsondist/cli.jsdist/chunk-IQM5S5N4.jsdist/hooks/on-prompt.jsdist/hooks/on-session-start.jsdist/hooks/on-stop.jsdist/chunk-UTXUGXDB.js.claude/settings.json.mcp.jsonCLAUDE.md~/.claude/settings.json~/.claude/CLAUDE.md.claude/skills
Network endpoints1
127.0.0.1

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js` `ale init` explicitly registers persistent hooks, MCP servers, and a CLAUDE.md instruction block.
  • `dist/chunk-IQM5S5N4.js` writes Claude hooks and MCP configuration; the hooks run Node scripts on future agent events.
  • `dist/cli.js` supports multiple agent configs and can invoke `npx skills add` from the explicit `ale skills` command.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall`; `prepublishOnly` is publisher-side.
  • All config and hook mutations are reached through explicit CLI commands, chiefly `ale init`, `ale agents`, and `ale skills`.
  • `dist/chunk-UTXUGXDB.js` serves only `http://127.0.0.1` for the local graph viewer.
  • No source evidence of credential harvesting, data exfiltration, remote payload evaluation, or destructive filesystem behavior.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 112 KB of source, external domains: 127.0.0.1, nodejs.org, opencode.ai

Source & flagged code

2 flagged · loading source
dist/chunk-UTXUGXDB.jsView file
9import path from "path"; L10: import { spawn } from "child_process"; L11: function buildGraphData(idx) {
High
Child Process

Package source references child process execution.

dist/chunk-UTXUGXDB.jsView on unpkg · L9
dist/cli.jsView file
125try { L126: execFileSync("npx", ["--yes", "skills", "add", rec.skill, "--yes"], { L127: stdio: "pipe",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L125

Findings

3 High2 Medium4 Low
HighChild Processdist/chunk-UTXUGXDB.js
HighShell
HighRuntime Package Installdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings