registry  /  agent-baba-d  /  1.2.0

agent-baba-d@1.2.0

Flexible AI inference CLI tool supporting local models and cloud APIs

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. This is a user-invoked inference CLI: prompts or explicitly selected edit-file contents may be sent to the configured model provider.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs chat, edit, models, or local-inference CLI commands.
Impact
User-directed cloud inference can disclose supplied prompts or chosen file contents to the selected provider; edit may overwrite only its explicit target file.
Mechanism
Configured AI inference, optional local runner execution, and explicit file editing.
Rationale
Source inspection shows expected, explicitly invoked AI CLI behavior with provider-specific endpoints and no install-time execution or concrete malicious chain. Scanner signals arise from legitimate API-key handling, network inference, and redacted README examples.
Evidence
package.jsondist/index.jsdist/config/manager.jsdist/utils/env.jsdist/cli/edit.jsdist/inference/local-adapter.jsdist/inference/gemini-adapter.jsdist/inference/nim-adapter.jsdist/inference/openrouter-adapter.js.env~/.buff/.env~/.buff/buffconfig.json~/.buff/cache.db<user-specified edit file>
Network endpoints4
generativelanguage.googleapis.com/v1beta/modelsopenrouter.ai/api/v1integrate.api.nvidia.com/v1localhost:11434

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with high false-positive risk.
Evidence for block
  • `dist/utils/env.js` reads `.env` and process environment.
  • `dist/cli/edit.js` sends a user-selected file's content to the selected inference provider and can overwrite that file.
  • `dist/inference/local-adapter.js` launches `python3` or `llama-cli` only for explicit local-inference modes.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • `dist/index.js` only parses CLI arguments; importing/executing it performs no hidden setup.
  • Cloud requests in `dist/inference/*-adapter.js` are provider-aligned and require explicit chat/edit/models commands plus configured credentials.
  • Environment values are only assigned to the three documented provider API-key fields in `dist/config/manager.js`.
  • No source writes AI-agent control files, harvests credentials for transmission, evaluates remote code, or creates stealth persistence.
  • README key strings are redacted examples, not embedded credentials.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 22 file(s), 71.6 KB of source, external domains: generativelanguage.googleapis.com, github.com, huggingface.co, integrate.api.nvidia.com, openrouter.ai, python.org

Source & flagged code

2 flagged · loading source
README.mdView file
148patternName = google_api_key severity = high line = 148 matchedText = GEMINI_A...xxxx
High
High Secret

Package contains a high-severity secret pattern.

README.mdView on unpkg · L148
148patternName = google_api_key severity = high line = 148 matchedText = GEMINI_A...xxxx
High
Secret Pattern

Google API key in README.md

README.mdView on unpkg · L148

Findings

2 High2 Medium4 Low
HighHigh SecretREADME.md
HighSecret PatternREADME.md
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings