AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package has broad scanner-style execution, downloads, hook installation, and optional AI API calls, but these are user-invoked and documented for a security audit CLI.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `auditx`, `auditx install`, `auditx hook install`, or `auditx --ai`.
Impact
Runs local security tools against the chosen project and writes audit reports; no install-time execution or covert data theft found.
Mechanism
security scanner orchestration with optional tool installation, git hooks, and AI summary
Rationale
Static inspection shows a security-auditing CLI with expected child_process, network download, report-writing, and optional hook/AI features, but no lifecycle execution, covert credential harvesting, persistence, destructive behavior, or unconsented AI-agent control-surface mutation. Scanner hints are explained by package-aligned runtime behavior.
Evidence
package.jsondist/auditx.jsdist/hook-W4INEOTH.jsREADME.mdsrc/rules/ai-patterns.yml~/.auditx/bin~/.auditx/config.jsonaudit-report.mdaudit-report.json.git/hooks/pre-commit.git/hooks/pre-push.git/hooks/post-merge.git/hooks/post-checkout.husky/pre-commit.husky/pre-push
Network endpoints6
github.com/gitleaks/gitleaks/releases/download/github.com/aquasecurity/trivy/releases/download/github.com/semgrep/semgrep/releases/download/OpenAI API via openai SDK when --ai provider is openaiAnthropic API via @anthropic-ai/sdk when --ai provider is claudeGoogle Gemini API via @google/genai when --ai provider is gemini
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks; bin is dist/auditx.js only.
- dist/auditx.js is a user-invoked security scanner CLI orchestrating Semgrep, Trivy, Gitleaks, npm audit, eslint, knip, and related tools.
- Network use is package-aligned: downloads scanner releases from GitHub and optionally calls configured AI providers only with --ai.
- Git hook writes are only reached via explicit `auditx hook install/install-all`; hooks run auditx and include bypass/uninstall support.
- Credential reads are limited to OPENAI_API_KEY/GEMINI_API_KEY/ANTHROPIC_API_KEY or ~/.auditx/config.json for optional AI summaries; no exfiltration path outside selected provider APIs.
- Report writes target audit-report.md/json or user-specified output; temp files are scanner reports under tmp and removed.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/auditx.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = auditx@0.1.2
matchedIdentity = npm:YXVkaXR4:0.1.2
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/auditx.jsView on unpkg8import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
High
724import { randomUUID as randomUUID2 } from "crypto";
L725: var execAsync = promisify7(exec);
L726: async function runJscpd(targetPath, stagedFiles) {
High
732const targets = stagedFiles && stagedFiles.length > 0 ? stagedFiles.map((f) => `"${f}"`).join(" ") : `"${targetPath}"`;
L733: await execAsync(`npx --yes jscpd ${targets} --reporters json --output "${tmpDir}" --silent`, { maxBuffer: 10 * 1024 * 1024 });
L734: } catch (e) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/auditx.jsView on unpkg · L7328import { resolve } from "path";
L9: import { execSync } from "child_process";
L10:
...
L17: return {
L18: hasNodeJs: has("package.json") || has("package-lock.json") || has("yarn.lock") || has("pnpm-lock.yaml"),
L19: hasPython: has("requirements.txt") || has("Pipfile") || has("pyproject.toml") || has("setup.py") || has("setup.cfg"),
...
L50: import { existsSync as existsSync2, mkdirSync, createWriteStream, rmSync } from "fs";
L51: import https from "https";
L52: import * as tar from "tar";
...
L60: async function getBinaryPath(tool) {
L61: const binDir = join2(homedir(), ".auditx", "bin");
L62: if (!existsSync2(binDir)) {
Low
Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/auditx.js
HighChild Processdist/auditx.js
HighShelldist/auditx.js
HighRuntime Package Installdist/auditx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/auditx.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings