registry  /  @webton/ados  /  0.6.0

@webton/ados@0.6.0

Webton ADOS CLI — Agent Delivery OS command interface

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No concrete malicious attack surface was found. The package is an AI workflow CLI that can write first-party ADOS workflow assets under .agent only after explicit user commands.

Static reason
No blocking static signals were detected.
Trigger
User runs ados init, ados bootstrap --apply, ados auto-create, ados update, or ados doctor.
Impact
Can create or overwrite ADOS workflow files in the current repo when requested; update command can run npm install -g @webton/ados@version.
Mechanism
user-invoked first-party agent workflow setup and CLI diagnostics
Rationale
Source inspection shows a package-aligned ADOS CLI with user-invoked .agent workflow setup and npm registry update checks, but no unconsented lifecycle behavior or malicious chain. Because it mutates an agent control surface only through explicit first-party commands, warn rather than block.
Evidence
package.jsonbin/adosdist/index.jsdist/chunk-VSIA7DDD.jsdist/chunk-JQLKT6VX.jsdist/chunk-SKBWXB2B.jsdist/chunk-GU66S46A.jsdist/chunk-JMVYL342.jsdist/chunk-Z7NMULN7.jsassets/workflows/prime.md.agent/workflows/*.md.agent/loops/*.mddocs/branding/webton-ados-ascii-art.txt.agent/proposed-skills/*/SKILL.md.agent/proposed-workflows/*.md.agent/reports/proposed-skill-log.md
Network endpoints2
registry.npmjs.org/@webton%2Fados/latestregistry.npmjs.org/@webton%2Fados

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/chunk-VSIA7DDD.js copies bundled assets into .agent/workflows via user-invoked ados init.
  • dist/chunk-JQLKT6VX.js can sync/overwrite .agent workflows with ados bootstrap --apply --force.
  • dist/chunk-SKBWXB2B.js can draft .agent/proposed-skills or .agent/proposed-workflows from user input.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepublishOnly build.
  • bin/ados only imports dist/index.js; side effects are CLI-command driven.
  • dist/chunk-GU66S46A.js network use is limited to npm registry update checks for @webton/ados.
  • No credential harvesting, exfiltration endpoint, eval/vm/Function, native binary, or remote payload loader found.
  • workflows install is dry-run-only and refuses write mode in dist/chunk-JMVYL342.js.
  • doctor uses fixed git/gh diagnostic commands, not package-supplied shell strings.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 24 file(s), 92.3 KB of source, external domains: registry.npmjs.org

Source & flagged code

1 flagged · loading source
dist/chunk-JQLKT6VX.jsView file
50function resolveAdosHome(override) { L51: return override ?? process.env.ADOS_HOME ?? path.join(os.homedir(), ".webton-ados"); L52: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-JQLKT6VX.jsView on unpkg · L50

Findings

2 Medium7 Low
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-JQLKT6VX.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License