registry  /  @vue-skuilder/cli  /  0.2.13

@vue-skuilder/cli@0.2.13

CLI scaffolding tool for vue-skuilder projects

AI Security Review

scanned 6d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The main residual risk is a user-invoked studio command that creates a Claude/MCP project config for the package's own course-editing server. This is agent-facing and can mutate course content, but it is not installed or run automatically.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs skuilder studio for a course project.
Impact
May let an MCP client create, update, tag, or delete Vue Skuilder course cards in the local studio CouchDB session; no unconsented install-time control-surface mutation found.
Mechanism
User-invoked first-party MCP server registration
Policy narrative
When a user explicitly runs skuilder studio, the CLI starts local course-editing services and writes a .mcp.json that points Claude/MCP clients at this package's MCP server with local CouchDB credentials. The MCP server exposes course-editing tools. This is agent extension setup with content mutation capability, but it is not delivered through npm lifecycle execution and remains tied to the user-invoked studio workflow.
Rationale
Static inspection found no install-time execution, exfiltration, persistence, or lifecycle AI-agent hijack; the scanner hits are explained by CLI scaffolding, local servers, and user-supplied CouchDB migration options. The unprompted .mcp.json write during the explicit studio command is agent-facing enough to warn, not block.
Evidence
package.jsondist/cli.jsdist/commands/studio.jsdist/mcp-server.jsdist/commands/init.jsdist/commands/pack.jsdist/commands/unpack.js.mcp.json
Network endpoints4
localhost:5984localhost:5985localhost:7174localhost:3000

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/commands/studio.js writes .mcp.json into process.cwd() during user-invoked skuilder studio.
  • Generated .mcp.json registers vue-skuilder-studio MCP server with CouchDB env credentials and node dist/mcp-server.js args.
  • dist/mcp-server.js exposes course MCP tools including create_card, update_card, tag_card, delete_card.
  • dist/commands/studio.js launches local CouchDB, Express, and UI servers; child_process spawn is used for browser open and npm builds in studio build paths.
Evidence against
  • package.json has no npm lifecycle hooks, so MCP/config writes are not install-time triggered.
  • dist/cli.js only initializes logging, reads package.json version, and registers commander subcommands.
  • Network activity is package-aligned: localhost studio services and user-supplied CouchDB server URLs for pack/unpack/import.
  • No hardcoded third-party exfiltration endpoint, credential harvesting, persistence hook, shell startup edit, or lifecycle AI-agent hijack found.
  • Project deletion in init is gated behind explicit --dangerously-clobber on a user-selected project path.
  • Pack/unpack credentials are CLI options used for user-requested CouchDB course migration.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 50 file(s), 352 KB of source, external domains: github.com, parceljs.org

Source & flagged code

5 flagged · loading source
dist/commands/studio.jsView file
379patternName = generic_password severity = medium line = 379 matchedText = password...rd}'
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/commands/studio.jsView on unpkg · L379
409patternName = generic_password severity = medium line = 409 matchedText = password...rd}'
Medium
Secret Pattern

Hardcoded password in dist/commands/studio.js

dist/commands/studio.jsView on unpkg · L409
dist/studio-ui-src/main.tsView file
103customQuestionsStatus.importAttempted = true; L104: const customModule = await import(/* @vite-ignore */ customConfig.importPath); L105: customQuestionsStatus.importSucceeded = true;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/studio-ui-src/main.tsView on unpkg · L103
src/commands/studio.tsView file
498patternName = generic_password severity = medium line = 498 matchedText = password...rd}'
Medium
Secret Pattern

Hardcoded password in src/commands/studio.ts

src/commands/studio.tsView on unpkg · L498
529patternName = generic_password severity = medium line = 529 matchedText = password...rd}'
Medium
Secret Pattern

Hardcoded password in src/commands/studio.ts

src/commands/studio.tsView on unpkg · L529

Findings

7 Medium5 Low
MediumSecret Patterndist/commands/studio.js
MediumDynamic Requiredist/studio-ui-src/main.ts
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/commands/studio.js
MediumSecret Patternsrc/commands/studio.ts
MediumSecret Patternsrc/commands/studio.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License