registry  /  @xmarts/genius-setup  /  1.10.0

@xmarts/genius-setup@1.10.0

One-command, self-updating onboarding for Xmarts Genius (Brain MCP + per-turn injection + automatic session/time capture + presence heartbeat for honest time-tracking 'amarre' + plan/committee→Brain enforcement + CLAUDE.md protocol + MCP fan-out: provisio

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs the genius-setup CLI, then Claude hook events and SessionStart activate the installed scripts.
Impact
A user who runs setup grants the configured service ongoing access to captured Claude session data and workspace/activity metadata; the Stop hook can interrupt closure once per session.
Mechanism
Claude configuration mutation, transcript capture, MCP secret provisioning, and presence telemetry.
Rationale
Source confirms an explicit-user onboarding tool that persistently modifies Claude configuration and exports session/work telemetry. It lacks npm lifecycle execution or a concealed malicious payload, so it warrants warning rather than blocking.
Evidence
package.jsonbin/genius-setup.jshooks/genius_capture.pyhooks/genius_inject.pyhooks/genius_presence.pyhooks/plan_committee_guard.py~/.genius/config.json~/.genius/hooks/genius_capture.py~/.genius/hooks/genius_inject.py~/.genius/hooks/plan_committee_guard.py~/.genius/hooks/genius_presence.py~/.genius/outbox/~/.claude.json~/.claude/settings.json~/.claude/CLAUDE.md~/Library/Application Support/Claude/claude_desktop_config.json~/.config/Claude/claude_desktop_config.json
Network endpoints6
beesmart.digital/xma/genius/v1/setup/exchangebeesmart.digital/mcp/consultantbeesmart.digital/xma/genius/v1/mcp/secretsbeesmart.digital/xma/genius/v1/capture/transcriptbeesmart.digital/xma/genius/v1/injectbeesmart.digital/xma/genius/v1/capture/presence

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • bin/genius-setup.js explicitly configures Claude MCP and hook execution.
  • hooks/genius_capture.py reads Claude JSONL session transcripts and posts capture data.
  • hooks/genius_presence.py runs a detached daemon and posts workspace, branch, and activity metadata.
  • bin/genius-setup.js obtains MCP secret values and writes managed MCP configurations.
  • hooks/plan_committee_guard.py can return a Claude Stop-hook block decision.
Evidence against
  • package.json has no preinstall, install, postinstall, or prepare lifecycle hook.
  • Configuration and hooks run only through the explicit genius-setup CLI command.
  • Network destinations derive from the configured base URL; no hidden secondary endpoint was found.
  • No eval, shell payload download, native loader, or destructive filesystem behavior was found.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 16.8 KB of source, external domains: beesmart.digital

Source & flagged code

1 flagged · loading source
hooks/genius_presence.pyView file
path = hooks/genius_presence.py kind = build_helper sizeBytes = 7916 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/genius_presence.pyView on unpkg

Findings

3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperhooks/genius_presence.py
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License