registry  /  @vue-skuilder/cli  /  0.2.16

@vue-skuilder/cli@0.2.16

CLI scaffolding tool for vue-skuilder projects

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior was found. The notable risk is explicit skuilder studio writing a Claude Code MCP config for a package-owned local course editing server.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs skuilder studio on a valid course directory or manifest.
Impact
Adds .mcp.json in cwd and can enable local MCP course editing if the user/client consumes it; no evidence of exfiltration or stealth persistence.
Mechanism
explicit user-command MCP config setup and local course/studio services
Rationale
Source inspection shows no lifecycle execution or concrete malicious chain, but the explicit .mcp.json mutation for Claude Code is an agent control-surface setup that warrants warning under policy. The behavior is first-party and package-aligned, so it should not be publish-blocked.
Evidence
package.jsondist/cli.jsdist/commands/studio.jsdist/mcp-server.jsdist/commands/pack.jsdist/commands/unpack.jsdist/utils/template.js.mcp.jsonpublic/static-courses/static-data/chunks/indices/.skuilder/studio-builds/dist-lib/
Network endpoints4
localhost:5984localhost:5985localhost:7174localhost:3000

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/commands/studio.js writes .mcp.json into process.cwd() during explicit skuilder studio.
  • dist/commands/studio.js generates Claude Code MCP config pointing to bundled dist/mcp-server.js with CouchDB env.
  • dist/mcp-server.js exposes course editing MCP tools over stdio when launched by an MCP client.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; bin only points to dist/cli.js.
  • dist/cli.js only initializes logging, reads package.json version, and registers commander subcommands.
  • Network use is package-aligned CouchDB/Express/studio localhost or user-provided CouchDB URLs for pack/unpack/import.
  • child_process use is explicit studio workflow: open browser, npm run build, npm run build:lib in user course/build dirs.
  • No credential harvesting, external exfiltration endpoint, persistence, destructive install-time behavior, or remote payload loader found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 50 file(s), 352 KB of source, external domains: github.com, parceljs.org

Source & flagged code

5 flagged · loading source
dist/commands/studio.jsView file
379patternName = generic_password severity = medium line = 379 matchedText = password...rd}'
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/commands/studio.jsView on unpkg · L379
409patternName = generic_password severity = medium line = 409 matchedText = password...rd}'
Medium
Secret Pattern

Hardcoded password in dist/commands/studio.js

dist/commands/studio.jsView on unpkg · L409
dist/studio-ui-src/main.tsView file
103customQuestionsStatus.importAttempted = true; L104: const customModule = await import(/* @vite-ignore */ customConfig.importPath); L105: customQuestionsStatus.importSucceeded = true;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/studio-ui-src/main.tsView on unpkg · L103
src/commands/studio.tsView file
498patternName = generic_password severity = medium line = 498 matchedText = password...rd}'
Medium
Secret Pattern

Hardcoded password in src/commands/studio.ts

src/commands/studio.tsView on unpkg · L498
529patternName = generic_password severity = medium line = 529 matchedText = password...rd}'
Medium
Secret Pattern

Hardcoded password in src/commands/studio.ts

src/commands/studio.tsView on unpkg · L529

Findings

7 Medium5 Low
MediumSecret Patterndist/commands/studio.js
MediumDynamic Requiredist/studio-ui-src/main.ts
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/commands/studio.js
MediumSecret Patternsrc/commands/studio.ts
MediumSecret Patternsrc/commands/studio.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License