registry  /  aetherml  /  1.6.0

aetherml@1.6.0

AI-Native Language for SEO

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Explicit CLI commands write project-local configuration or generated app files, and the `dev` command installs the generated app's fixed dependencies before starting Next.js.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `aetherml init`, `generate`, `build`, `eject`, or `dev`.
Impact
Can create local `.env`, configuration, cache, and generated project files; `dev` invokes npm in `dist_app`.
Mechanism
User-invoked AI DSL generation and Next.js scaffold workflow.
Rationale
The flagged primitives are explicit CLI features aligned with an AI-powered project generator, not install-time or covert behavior. Source inspection found no credential harvesting, foreign agent-control mutation, remote payload execution, or exfiltration chain.
Evidence
package.jsonbin/aetherml.jssrc/core/provider-adapter.jssrc/core/enterprise-generator.jslist_models.jsaetherml.config.json.envtemp.aetherdist_app/package.jsondist_app/node_modules.aether_cacheextracted_app
Network endpoints3
integrate.api.nvidia.com/v1generativelanguage.googleapis.com/v1beta/modelsplaceholder.supabase.co

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bin/aetherml.js: explicit `dev` runs `npm install` with `shell: true` in generated `dist_app`.
  • bin/aetherml.js: explicit interactive `init` writes a supplied provider key to local `.env`.
  • src/core/provider-adapter.js: `generate` sends user prompts to the selected AI provider using configured credentials.
Evidence against
  • package.json has no preinstall, install, postinstall, or prepare lifecycle hook.
  • bin/aetherml.js only executes after the user invokes its CLI; no-argument use shows help.
  • src/core/enterprise-generator.js fixes generated dependencies to Next/React and optional declared integrations.
  • No source reads broad credential stores, agent configuration directories, SSH files, or npm config.
  • No eval, VM, dynamic code loading, binary payload, persistence, or destructive filesystem behavior found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 21 file(s), 72.1 KB of source, external domains: api.groq.com, generativelanguage.googleapis.com, integrate.api.nvidia.com, placeholder.supabase.co, schema.org

Source & flagged code

5 flagged · loading source
bin/aetherml.jsView file
matchType = previous_version_dangerous_delta matchedPackage = aetherml@1.5.0 matchedIdentity = npm:YWV0aGVybWw:1.5.0 similarity = 0.889 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/aetherml.jsView on unpkg
4import path from 'path'; L5: import { spawn } from 'child_process'; L6: import crypto from 'crypto';
High
Child Process

Package source references child process execution.

bin/aetherml.jsView on unpkg · L4
269console.log(chalk.cyan('\n🚀 Starting Next.js development server...\n')); L270: const devProc = spawn(npmCmd, ['run', 'dev'], { cwd: outputDir, stdio: 'inherit', shell: true }); L271: devProc.on('error', (err) => {
High
Shell

Package source references shell execution.

bin/aetherml.jsView on unpkg · L269
267if (currentHash === previousHash && fs.existsSync(nodeModulesPath)) { L268: console.log(chalk.green('✔ Dependencies unchanged. Skipping npm install (Incremental Cache hit).')); L269: console.log(chalk.cyan('\n🚀 Starting Next.js development server...\n')); L270: const devProc = spawn(npmCmd, ['run', 'dev'], { cwd: outputDir, stdio: 'inherit', shell: true }); L271: devProc.on('error', (err) => {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/aetherml.jsView on unpkg · L267
4import path from 'path'; L5: import { spawn } from 'child_process'; L6: import crypto from 'crypto'; ... L14: L15: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L16: const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '..', 'package.json'), 'utf-8')); L17: const CLI_VERSION = pkg.version; ... L264: const nodeModulesPath = path.join(outputDir, 'node_modules'); L265: const npmCmd = process.platform === 'win32' ? 'npm.cmd' : 'npm'; L266:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/aetherml.jsView on unpkg · L4

Findings

1 Critical3 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltabin/aetherml.js
HighChild Processbin/aetherml.js
HighShellbin/aetherml.js
HighRuntime Package Installbin/aetherml.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptobin/aetherml.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License