
agentic-kdd@3.9.0

Autonomous development pipeline — aa: · ag: · audit: · AST graph · Harness · Specs · Impact analysis · Decision trail · Metrics · MCP server. Works with Cursor and Claude Code.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an AI-agent project scaffolding CLI with broad user-invoked capabilities: downloads updates, writes agent/MCP config, runs local project graph modules, and has optional remote collaboration/telemetry paths.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.
Trigger
User runs akdd init, akdd update, akdd mcp, dashboard, or AKDD_COLLAB_ENABLED=1 collab commands.
Impact
Could modify project AI-agent config and sync project memory when explicitly invoked; no stealth install/import-time payload confirmed.
Mechanism
User-invoked scaffolding, shell delegation, project file writes, optional remote sync
Rationale
Static inspection finds risky but transparent functionality aligned with an agentic development CLI; activation is user-invoked and not hidden in npm install/import paths. The optional collab sync and AI-agent config writes warrant attention but do not establish malicious behavior in this package version.
Evidence
  • package.json
  • bin/akdd.js
  • src/init.js
  • src/update.js
  • src/mcp-setup.js
  • install.sh
  • install.ps1
  • .agentic/grafo/collab-manager.cjs
  • .agentic/grafo/mcp-server.cjs
  • CLAUDE.md
  • .cursor/rules/agentic.mdc
  • .claude/settings.local.json
Network endpoints (5)
  • github.com/Adrianlpz211/AGENTIX-KDD/archive/refs/heads/main.tar.gz
  • agentic-collab.adrianlpz-game.workers.dev
  • api.anthropic.com/v1/messages
  • api.voyageai.com/v1/embeddings
  • cdnjs.cloudflare.com/ajax/libs/d3/7.8.5/d3.min.js

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Collab feature can upload local knowledge graph rows to a remote Turso DB via https://agentic-collab.adrianlpz-game.workers.dev when AKDD_COLLAB_ENABLED=1 and user runs collab commands.
  • init/update fetch and execute/copy code from GitHub main rather than pinned npm contents, then write AI-agent control files (CLAUDE.md/.cursor).
Evidence against
  • No install-time malicious action: package.json prepare only chmods bin/akdd.js; prepublishOnly is publisher-side.
  • Main CLI import path only parses modules and dispatches commands; no import-time exfiltration seen.
  • Network calls are visible, package-aligned features: GitHub update/install, optional collab sync, optional Claude/Voyage/telemetry integrations.
  • No credential harvesting loop, broad env dump, hidden binary, obfuscation, or destructive persistence found.
  • AI-agent instruction files are explicit product artifacts copied on akdd init/update, not unconsented npm lifecycle mutation.
Behavioral surface
Source
Child Process · Dynamic Require · Environment Vars · Filesystem · Network · Shell
Supply chain
High Entropy Strings · Url Strings
Manifest
No manifest risk signals triggered.
scanned 11 file(s), 404 KB of source, external domains: cdnjs.cloudflare.com, github.com, visualstudio.microsoft.com

Source & flagged code

5 flagged
bin/akdd.js
matchType = previous_version_dangerous_delta
matchedPackage = agentic-kdd@3.8.2
matchedIdentity = npm:YWdlbnRpYy1rZGQ:3.8.2
similarity = 0.909
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/akdd.js
L13: const fs = require('fs');
L14: const { execSync } = require('child_process');
L15:
High
Child Process

Package source references child process execution.

bin/akdd.js · L13
L3:
L4: const { init } = require('../src/init');
L5: const { update } = require('../src/update');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/akdd.js · L3
src/init.js
L216: try {
L217:   require('child_process').execSync('npm install better-sqlite3 --save', {
L218:     stdio: 'pipe', cwd: projectPath
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/init.js · L216
install.sh
path = install.sh
kind = build_helper
sizeBytes = 2899
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.sh

Findings

1 Critical · 3 High · 5 Medium · 5 Low
  • Critical: Previous Version Dangerous Delta (bin/akdd.js)
  • High: Child Process (bin/akdd.js)
  • High: Shell
  • High: Runtime Package Install (src/init.js)
  • Medium: Dynamic Require (bin/akdd.js)
  • Medium: Network
  • Medium: Environment Vars
  • Medium: Ships Build Helper (install.sh)
  • Medium: Structural Risk Force Deep Review
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings
  • Low: Url Strings