registry  /  agentic-kdd  /  3.11.7

agentic-kdd@3.11.7

Autonomous development pipeline — aa: · ag: · audit: · AST graph · Harness · Specs · Impact analysis · Decision trail · Metrics · MCP server. Works with Cursor and Claude Code.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `akdd init` downloads the repository's moving `main` archive, copies agent/configuration files into the current project, installs a dependency, and configures package-owned tooling. This creates a real remote-bootstrap and AI-agent extension lifecycle risk, but not install-time malware behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `akdd init` (or explicitly invokes `akdd mcp` / collaboration commands).
Impact
A compromised upstream `main` archive could alter the target project and its configured package-owned agent tooling; collaboration actions contact the provisioner endpoint.
Mechanism
Remote bootstrap plus project/MCP/git-hook configuration writes.
Rationale
No concrete credential theft, destructive action, stealth persistence, or unconsented npm install-time foreign AI-agent mutation was established. The explicit setup flow nevertheless performs remote code bootstrap and agent-extension configuration, so a warning is appropriate.
Evidence
package.jsonsrc/init.jssrc/mcp-setup.js.agentic/grafo/install-hooks.cjs.agentic/grafo/collab-manager.cjsdashboard.cjs.agentic/grafo/git-hooks/post-commit
Network endpoints2
github.com/Adrianlpz211/AGENTIX-KDD/archive/refs/heads/main.tar.gzagentic-collab.adrianlpz-game.workers.dev

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/init.js` fetches an unpinned GitHub `main` tarball and copies it into the invoked project.
  • `src/init.js` runs `npm install better-sqlite3 --save` in the invoked project.
  • `src/init.js` automatically invokes MCP setup after explicit `akdd init`.
  • `src/mcp-setup.js` writes project MCP config and can register `claude mcp add`; `--global` writes Cursor global config.
  • `.agentic/grafo/install-hooks.cjs` installs a package-owned post-commit hook during init.
  • `.agentic/grafo/collab-manager.cjs` has explicit collaboration calls to `agentic-collab.adrianlpz-game.workers.dev`.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; `prepare` only chmods `bin/akdd.js`.
  • Network/bootstrap and filesystem mutations require explicit CLI commands, principally `akdd init` or `akdd mcp`.
  • No source evidence of credential-file harvesting, environment secret collection, or covert data exfiltration was found.
  • Git hook installer avoids replacing hooks lacking its own marker.
  • Dashboard binds locally to `127.0.0.1`; CDN URLs are browser visualization assets.
  • `rif.pdf` is a valid one-page PDF, not an executable payload.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 476 KB of source, external domains: cdnjs.cloudflare.com, github.com, unpkg.com, visualstudio.microsoft.com

Source & flagged code

6 flagged · loading source
bin/akdd.jsView file
13const fs = require('fs'); L14: const { execSync } = require('child_process'); L15:
High
Child Process

Package source references child process execution.

bin/akdd.jsView on unpkg · L13
3L4: const { init } = require('../src/init'); L5: const { update } = require('../src/update');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/akdd.jsView on unpkg · L3
src/init.jsView file
216try { L217: require('child_process').execSync('npm install better-sqlite3 --save', { L218: stdio: 'pipe', cwd: projectPath
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/init.jsView on unpkg · L216
install.shView file
path = install.sh kind = build_helper sizeBytes = 2899 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg
rif.pdfView file
path = rif.pdf kind = high_entropy_blob sizeBytes = 106279 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

rif.pdfView on unpkg
dashboard.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = agentic-kdd@3.11.6 matchedIdentity = npm:YWdlbnRpYy1rZGQ:3.11.6 similarity = 0.727 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dashboard.cjsView on unpkg

Findings

1 Critical4 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltadashboard.cjs
HighChild Processbin/akdd.js
HighShell
HighRuntime Package Installsrc/init.js
HighShips High Entropy Blobrif.pdf
MediumDynamic Requirebin/akdd.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings