registry  /  agentic-kdd  /  3.15.0

agentic-kdd@3.15.0

Autonomous development pipeline — aa: · ag: · audit: · AST graph · Harness · Specs · Impact analysis · Decision trail · Metrics · MCP server. Works with Cursor and Claude Code.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit setup/update commands download mutable code from the repository main branch and write Agentic KDD files into the current project. Explicit MCP setup registers a package-owned server with supported AI tools. No install-time attack behavior is confirmed.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `akdd init`, `akdd update`, `akdd mcp`, or a CLI command that executes project-local `.agentic` modules.
Impact
A user-invoked update can replace project agent files with remotely fetched content; MCP setup can alter project or optional global AI-tool configuration.
Mechanism
Explicit remote bootstrap, project configuration writes, and shell delegation.
Rationale
No concrete malicious install-time or covert attack chain was found. The package nevertheless exposes a real user-invoked remote bootstrap and agent-configuration mutation surface, so warning is appropriate.
Evidence
package.jsonsrc/init.jssrc/update.jssrc/mcp-setup.jsbin/akdd.jsdashboard.cjs.agentic.cursor/mcp.jsonCLAUDE.md.cursorrules
Network endpoints5
github.com/Adrianlpz211/AGENTIX-KDD/archive/refs/heads/main.tar.gzcdnjs.cloudflare.com/ajax/libs/d3/7.8.5/d3.min.jsunpkg.com/3d-force-graph@1.80.0/dist/3d-force-graph.min.jsunpkg.com/three@0.160.0/build/three.min.jsunpkg.com/three-spritetext@1.10.0/dist/three-spritetext.min.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/init.js` downloads a GitHub main-branch tarball and copies `.agentic`, `.cursor`, `CLAUDE.md`, and dashboard files into the current project.
  • `src/update.js` repeats remote tarball download and overwrites project agent/configuration files.
  • `src/mcp-setup.js` writes Cursor MCP config and, when explicitly invoked, runs `claude mcp add/remove`.
  • `bin/akdd.js` shells out to project-local `.agentic/grafo` modules selected from the working directory.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall`; `prepare` only chmods `bin/akdd.js`.
  • Remote download, project writes, MCP setup, and shell execution require explicit `akdd init`, `akdd update`, or `akdd mcp` commands.
  • No credential harvesting, environment-secret collection, or outbound exfiltration was found in inspected executable sources.
  • `dashboard.cjs` binds its HTTP server to `127.0.0.1`; its browser-open command targets that local URL.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 12 file(s), 525 KB of source, external domains: cdnjs.cloudflare.com, github.com, unpkg.com, visualstudio.microsoft.com

Source & flagged code

6 flagged · loading source
bin/akdd.jsView file
13const fs = require('fs'); L14: const { execSync } = require('child_process'); L15:
High
Child Process

Package source references child process execution.

bin/akdd.jsView on unpkg · L13
3L4: const { init } = require('../src/init'); L5: const { update } = require('../src/update');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/akdd.jsView on unpkg · L3
dashboard.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = agentic-kdd@3.11.8 matchedIdentity = npm:YWdlbnRpYy1rZGQ:3.11.8 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dashboard.cjsView on unpkg
5const path = require('path'); L6: const http = require('http'); L7: const { execSync } = require('child_process'); L8: L9: const PORT = parseInt(process.env.AKDD_DASH_PORT, 10) || 3847; // override: AKDD_DASH_PORT (permite correr dos versiones lado a lado) L10: const projectPath = process.cwd();
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dashboard.cjsView on unpkg · L5
src/update.jsView file
114try { L115: execSync('npm install playwright-core --save-dev', { stdio: 'pipe', cwd: projectPath }); L116: } catch (e2) { /* Browser Gate queda sin usar hasta instalar a mano */ }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/update.jsView on unpkg · L114
install.shView file
path = install.sh kind = build_helper sizeBytes = 2899 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg

Findings

1 Critical4 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltadashboard.cjs
HighChild Processbin/akdd.js
HighShell
HighSame File Env Network Executiondashboard.cjs
HighRuntime Package Installsrc/update.js
MediumDynamic Requirebin/akdd.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings