AI Security Review
scanned 4d ago · by lpm-firewall-aiUser-invoked CLI can download scanner binaries and run local audit tools; MCP server exposes the same scan capability over stdio. Agent and git hook config writes are explicit commands, not install-time behavior.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs auditx, auditx install, auditx hook install, auditx init-agent, or auditx-mcp
Impact
No confirmed malicious attack surface; effects are package-aligned and user-invoked.
Mechanism
security scanner CLI with optional AI summary, scanner downloads, git hooks, and agent instruction templates
Rationale
The risky primitives are consistent with an audit tool: explicit commands install known scanner tools, scan files, write reports/baselines/SBOMs, and optionally write first-party agent or git hook config. There is no lifecycle execution, stealth persistence, credential harvesting beyond user-provided AI keys for selected providers, or unconsented mutation of broad AI-agent control surfaces.
Evidence
package.jsondist/auditx.jsdist/mcp-server.jsdist/chunk-F65ZON42.jsdist/scan-STHHVX2A.jsdist/install-C5GVDS4N.jsdist/agent-init-LLOLZMAP.jsdist/hook-XMKHTGQD.js~/.auditx/bin~/.auditx/config.jsonaudit-report.mdsbom.json.auditxignoreauditx.ymlAGENTS.md.cursor/rules/auditx.mdc.cursorrules.github/copilot-instructions.md.claude/skills/auditx/SKILL.md.git/hooks/pre-commit.git/hooks/pre-push
Network endpoints5
github.com/gitleaks/gitleaks/releases/download/github.com/aquasecurity/trivy/releases/download/github.com/trufflesecurity/trufflehog/releases/download/github.com/google/osv-scanner/releases/download/github.com/koalaman/shellcheck/releases/download/
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- User-invoked `auditx install` downloads scanner binaries and installs scanner packages.
- `auditx init-agent` writes AGENTS/Cursor/Copilot/Claude audit instructions when explicitly run.
- `auditx hook install` writes git hooks that run auditx scans when explicitly run.
- Optional `--ai` sends generated audit summary prompts to selected AI provider using env/config API keys.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Bin entrypoint only dispatches commands after user execution.
- MCP server exposes a stdio `audit_codebase` scan tool; it does not auto-run on install/import.
- Network URLs are package-aligned scanner releases or AI SDK calls, not hidden exfil endpoints.
- No evidence of credential/file harvesting, destructive behavior, stealth persistence, or remote payload execution.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-MF3P6HJM.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = auditx@0.1.30
matchedIdentity = npm:YXVkaXR4:0.1.30
similarity = 0.400
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-MF3P6HJM.jsView on unpkg8import { join } from "path";
L9: import { execSync } from "child_process";
L10: var MAX_DEPTH = 4;
...
L12: var TARGET_FILES = /* @__PURE__ */ new Set([
L13: "package.json",
L14: "package-lock.json",
...
L73: try {
L74: const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
L75: if (pkg.dependencies) Object.keys(pkg.dependencies).forEach((d) => allDeps.add(d));
...
L207: }
L208: const { stdout } = await execFileAsync(
L209: bin,
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/chunk-MF3P6HJM.jsView on unpkg · L8Findings
1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/chunk-MF3P6HJM.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptodist/chunk-MF3P6HJM.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings