AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Sensitive-looking behavior is aligned with a course scaffolding/editing CLI and is activated by explicit CLI commands, not install or import.
Static reason
One or more suspicious static signals were detected.
Trigger
User invokes skuilder init, pack, unpack, studio, or bundled mcp-server.
Impact
Creates/overwrites project/course files and local .mcp.json during requested workflows; no stealth persistence, credential harvesting, or exfiltration observed.
Mechanism
User-driven scaffolding, local service startup, CouchDB course import/export, and MCP course-editing integration
Rationale
Static inspection found no install-time execution, hidden exfiltration, persistence, or unconsented AI-agent control-surface mutation. The scanner hits are explained by documented CLI functionality: local CouchDB/network access, project file generation, browser opening, npm builds, and user-invoked MCP course editing.
Evidence
package.jsondist/cli.jsdist/commands/init.jsdist/commands/pack.jsdist/commands/unpack.jsdist/commands/studio.jsdist/mcp-server.jsdist/utils/template.jsdist/utils/questions-hash.jsdist/utils/NodeFileSystemAdapter.jsCLAUDE.mdREADME.md
Network endpoints8
localhost:5984localhost:5985localhost:3000localhost:3001localhost:7174localhost:5173fonts.googleapis.com/css?family=Roboto:300,400,500,700|Material+Iconsgithub.com/NiloCK/vue-skuilder
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks.
- dist/cli.js only reads package.json version and registers commander subcommands.
- dist/commands/init.js writes scaffolded project files only after user runs skuilder init; destructive rmSync requires --dangerously-clobber.
- dist/commands/pack.js and dist/commands/unpack.js connect to user-supplied/default CouchDB and read/write course data for declared pack/unpack behavior.
- dist/commands/studio.js starts local CouchDB/API/UI, may spawn browser/npm builds, and writes .mcp.json only during user-invoked studio mode.
- dist/mcp-server.js exposes course-editing MCP tools over stdio for the selected course; no credential harvesting or exfiltration found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
5 flagged · loading sourcedist/commands/studio.jsView file
379patternName = generic_password
severity = medium
line = 379
matchedText = password...rd}'
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/commands/studio.jsView on unpkg · L379409patternName = generic_password
severity = medium
line = 409
matchedText = password...rd}'
Medium
Secret Pattern
Hardcoded password in dist/commands/studio.js
dist/commands/studio.jsView on unpkg · L409dist/studio-ui-src/main.tsView file
103customQuestionsStatus.importAttempted = true;
L104: const customModule = await import(/* @vite-ignore */ customConfig.importPath);
L105: customQuestionsStatus.importSucceeded = true;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/studio-ui-src/main.tsView on unpkg · L103src/commands/studio.tsView file
498patternName = generic_password
severity = medium
line = 498
matchedText = password...rd}'
Medium
Secret Pattern
Hardcoded password in src/commands/studio.ts
src/commands/studio.tsView on unpkg · L498529patternName = generic_password
severity = medium
line = 529
matchedText = password...rd}'
Medium
Secret Pattern
Hardcoded password in src/commands/studio.ts
src/commands/studio.tsView on unpkg · L529Findings
7 Medium5 Low
MediumSecret Patterndist/commands/studio.js
MediumDynamic Requiredist/studio-ui-src/main.ts
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/commands/studio.js
MediumSecret Patternsrc/commands/studio.ts
MediumSecret Patternsrc/commands/studio.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License