registry  /  ai-knowledge-center  /  0.1.18

ai-knowledge-center@0.1.18

Local AI workflow control center for project-provided knowledge, gates, and dashboards.

AI Security Review

scanned 8h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
global npm install with existing AIKC pid file, or explicit `aikc autostart install` / `aikc upgrade --write`
Impact
Can restart its own background server and, by explicit commands, create login autostart or write project AI workflow files.
Mechanism
package-owned local dashboard, autostart setup, and AI workflow file generation
Rationale
This is a package-owned AI workflow/dashboard tool with explicit setup commands and a narrow global postinstall restart path, so the scanner's malicious label overstates the observed source behavior. Because it can write AI-agent workflow files and install autostart when invoked, warn rather than block.
Evidence
package.jsondist/cli/postinstall.jsdist/cli/aikc.jsdist/cli/autostart.jsdist/cli/project-upgrader.jsdist/server/index.jsdist/server/command-runner.jsdist/cli/mcp-server.js~/.ai-knowledge-center/server.pid.json~/Library/LaunchAgents/com.ai-knowledge-center.dashboard.plistAGENTS.mdai-workflow.yamlai-knowledge/**
Network endpoints1
registry.npmjs.org

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines global-only postinstall importing dist/cli/postinstall.js
  • dist/cli/postinstall.js kills/restarts an existing AIKC background server from ~/.ai-knowledge-center/server.pid.json
  • dist/cli/autostart.js can create Windows schtasks or macOS LaunchAgent on explicit `aikc autostart install`
  • dist/cli/project-upgrader.js writes AGENTS.md and ai-knowledge workflow files on explicit `aikc upgrade --write`
  • dist/cli/project-upgrader.js generated ensure script references https://registry.npmjs.org
Evidence against
  • postinstall is gated to global npm install and only acts if an existing own AIKC pid file exists
  • No credential harvesting or external exfiltration endpoints found in inspected server/CLI files
  • dist/server/index.js binds to 127.0.0.1 by default and exposes local dashboard/API
  • dist/server/command-runner.js runs project manifest commands only through user/API/MCP action, with dangerous confirmation gate
  • Agent/workflow file writes are package-aligned and user-invoked via upgrade command, not silent install-time foreign control mutation
  • High-entropy files are font assets under dist/client/assets
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 18 file(s), 824 KB of source, external domains: 127.0.0.1, github.com, react.dev, registry.npmjs.org, www.apple.com, www.w3.org

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "if (process.env.npm[redacted] === 'true' || process.env.npm[redacted] === 'global') import('./dist/cli/postinstall.js').catch(() => undefined)"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "if (process.env.npm[redacted] === 'true' || process.env.npm[redacted] === 'global') import('./dist/cli/postinstall.js').catch(() => undefined)"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/cli/autostart.jsView file
3import path from 'node:path'; L4: import { execFile } from 'node:child_process'; L5: import { promisify } from 'node:util'; ... L15: function macLaunchAgentPath() { L16: return path.join(os.homedir(), 'Library', 'LaunchAgents', `${macLaunchAgentLabel}.plist`); L17: } ... L52: async function installWindows(options) { L53: await execFileAsync('schtasks', [ L54: '/Create', ... L105: export async function runAutostart(options) { L106: if (process.platform === 'win32') { L107: if (options.action === 'install') {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli/autostart.jsView on unpkg · L3
dist/cli/project-upgrader.jsView file
6function userRegistryPath() { L7: const stateRoot = path.resolve(process.env['AIKC_HOME'] ?? path.join(os.homedir(), '.ai-knowledge-center')); L8: return path.join(stateRoot, 'config', 'projects.json'); ... L317: '', L318: 'Use `ai-knowledge/core/script-automation-policy.md` when the Agent repeats an operation or sees a repeated workflow emerging. AI workflow scripts belong in `ai-knowledge/scripts`,... L319: '', ... L556: '- Remote target OS, when applicable: Windows, macOS, Linux, container, CI, or unknown.', L557: '- Transport: local shell, SSH, PowerShell remoting, Docker, API, MCP, or CI runner.', L558: '- Stable inputs and outputs.', ... L944: function aiWorkflowStartScript() { L945: return "#!/usr/bin/env node\n\nconst fs = require('node:fs');\nconst path = require('node:path');\nconst { spawnSync } = require('node:child_process');\n\nconst root = path.resolve... L946: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli/project-upgrader.jsView on unpkg · L6
dist/client/assets/GeistMono-Variable-Dispecij.woff2View file
path = dist/client/assets/GeistMono-Variable-Dispecij.woff2 kind = high_entropy_blob sizeBytes = 71368 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/client/assets/GeistMono-Variable-Dispecij.woff2View on unpkg

Findings

1 Critical3 High4 Medium6 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighSandbox Evasion Gated Capabilitydist/cli/project-upgrader.js
HighShips High Entropy Blobdist/client/assets/GeistMono-Variable-Dispecij.woff2
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli/autostart.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License