registry  /  autodev-ai  /  0.1.39

autodev-ai@0.1.39

AutoDev — Autonomous Engineering Team. DevTeam in a Box. Runs on pi.

AI Security Review

scanned 12d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a powerful user-invoked AI agent CLI that installs/configures tooling, stores user-provided credentials locally, validates them against provider APIs, and can update/uninstall itself.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
Explicit user actions: install.sh, autodev doctor/config/init/docs/update/uninstall/onboard
Impact
Can modify local AutoDev/pi config, shell rc, docs corpus, and global package installation when commands are run; no hidden install-time or import-time attack found.
Mechanism
user-invoked CLI automation and agent extension registration
Rationale
Static inspection found high-risk primitives, but they are exposed through explicit CLI installer/config/update/docs/uninstall workflows for an autonomous agent tool and there is no lifecycle hook, import-time payload, hidden credential harvesting, or unaligned exfiltration. Scanner findings are explained by package-aligned setup, key validation, docs indexing, and tests.
Evidence
package.jsonbin/autodev.jsinstall.shscripts/cli.tsextensions/autodev/index.tsextensions/autodev/installer/config-module.tsextensions/autodev/installer/key-validator.tsextensions/autodev/installer/tools.tsextensions/autodev/installer/uninstall-module.tsextensions/autodev/docs/seeding.tsextensions/autodev/embeddings.tsextensions/autodev/debug/__tests__/debug.test.ts~/.AutoDev/agent/.env~/.AutoDev/agent/models.json~/.pi/agent/auth.json~/.bashrc~/.zshrc~/.profile~/.config/fish/config.fish~/.bun/install/cache<projectRoot>/.autodev/install-state.json<agentDir>/../docs-corpus
Network endpoints9
bun.sh/installraw.githubusercontent.com/Homebrew/install/HEAD/install.shollama.com/api/tagsapi.openai.com/v1/modelsapi.anthropic.com/v1/modelsgenerativelanguage.googleapis.com/v1beta/modelsapi.voyageai.com/v1/embeddingsdiscord.com/api/v10/users/@megithub.com/JsonDaRula69/AutoDev.ai.git

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • scripts/cli.ts user-invoked update runs npm view, bun install -g autodev-ai, clears ~/.bun cache
  • install.sh bootstraps Bun via curl and globally installs autodev-ai when user runs installer
  • extensions/autodev/installer/config-module.ts writes user-supplied API tokens to agent .env/auth/models config
  • extensions/autodev/docs/seeding.ts can fetch docs or git sparse-clone configured sources into docs corpus
  • extensions/autodev/installer/uninstall-module.ts removes ~/.AutoDev, ~/.pi, ~/.autodev during explicit uninstall
Evidence against
  • package.json has no preinstall/postinstall/prepare lifecycle hooks
  • bin/autodev.js only imports scripts/cli.ts; cli main runs only when invoked as bin
  • network calls are aligned with setup/update/docs features: npm, provider key validation, Discord, docs seeding
  • credential use is interactive/local config or provider validation, not hidden harvesting/exfiltration
  • debug.test.ts contains test dummy secret strings for redaction tests, not active credentials
  • no obfuscated payloads or import-time destructive behavior found in inspected entrypoints
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 90 file(s), 644 KB of source, external domains: api.anthropic.com, api.context7.com, api.openai.com, api.voyageai.com, bun.sh, cli.github.com, deb.nodesource.com, discord.com, generativelanguage.googleapis.com, github.com, grep.app, ollama.com, raw.githubusercontent.com

Source & flagged code

11 flagged · loading source
extensions/autodev/debug/__tests__/debug.test.tsView file
247patternName = github_pat severity = critical line = 247 matchedText = github: ...34",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247
247patternName = github_pat severity = critical line = 247 matchedText = github: ...34",
Critical
Secret Pattern

GitHub personal access token in extensions/autodev/debug/__tests__/debug.test.ts

extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247
246patternName = google_api_key severity = high line = 246 matchedText = google: ...PQ",
High
Secret Pattern

Google API key in extensions/autodev/debug/__tests__/debug.test.ts

extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L246
extensions/autodev/background/manager.tsView file
150L151: spawn(config: SpawnConfig): string { L152: const id = this.nextId();
High
Child Process

Package source references child process execution.

extensions/autodev/background/manager.tsView on unpkg · L150
extensions/autodev/docs/seeding.tsView file
194const mdUrls: string[] = []; L195: let match: RegExpExecArray | null; L196: while ((match = linkRegex.exec(indexText)) !== null) {
High
Shell

Package source references shell execution.

extensions/autodev/docs/seeding.tsView on unpkg · L194
extensions/autodev/installer/uninstall-module.tsView file
181try { L182: const { execSync } = await import("node:child_process"); L183: const cmd = `npx @earendil-works/pi-coding-agent uninstall ${source}`; L184: execSync(cmd, { stdio: "pipe", timeout: 60_000, cwd: process.cwd() });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

extensions/autodev/installer/uninstall-module.tsView on unpkg · L181
23const SHELL_RC_CANDIDATES = [ L24: ".bashrc", L25: ".zshrc", ... L55: const { notify } = deps; L56: const home = process.env.HOME ?? "~"; L57: const targets = [ ... L181: try { L182: const { execSync } = await import("node:child_process"); L183: const cmd = `npx @earendil-works/pi-coding-agent uninstall ${source}`; L184: execSync(cmd, { stdio: "pipe", timeout: 60_000, cwd: process.cwd() }); L185: notify(`Uninstalled ${source}`, "info");
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

extensions/autodev/installer/uninstall-module.tsView on unpkg · L23
extensions/autodev/embeddings.tsView file
37): Promise<Float32Array[]> { L38: const apiKey = process.env.VOYAGE_API_KEY; L39: if (!apiKey) throw new Error("VOYAGE_API_KEY not set"); ... L42: const batch = texts.slice(i, i + VOYAGE_BATCH_SIZE); L43: const res = await fetch("https://api.voyageai.com/v1/embeddings", { L44: method: "POST", ... L48: }, L49: body: JSON.stringify({ L50: model: "voyage-3", ... L55: if (!res.ok) { L56: throw new Error(`VoyageAI embeddings failed: ${res.status} ${await res.text()}`); L57: }
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

extensions/autodev/embeddings.tsView on unpkg · L37
extensions/autodev/installer/tools.tsView file
1import { execSync, type ExecSyncOptions } from "node:child_process"; L2: import { platform } from "node:os"; ... L59: function isNonInteractive(): boolean { L60: if (process.env.CI === "true" || process.env.CI === "1") return true; L61: if (process.stdout != null && process.stdout.isTTY === false) return true; L62: if (process.argv.includes("--yes") || process.argv.includes("-y")) return true; ... L65: L66: const HOMEBREW_BOOTSTRAP_URL = "https://raw.githubusercontent.[redacted].sh"; L67: ... L108: notify(`Installing Homebrew from ${HOMEBREW_BOOTSTRAP_URL}...`, "info"); L109: exec(`bash -c 'NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL ${HOMEBREW_BOOTSTRAP_URL})"`, { L110: stdio: "inherit",
Critical
Download Execute

Source downloads or fetches remote code and executes it.

extensions/autodev/installer/tools.tsView on unpkg · L1
install.shView file
path = install.sh kind = build_helper sizeBytes = 2692 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg
extensions/autodev/installer/config-module.tsView file
matchType = previous_version_dangerous_delta matchedPackage = autodev-ai@0.1.38 matchedIdentity = npm:YXV0b2Rldi1haQ:0.1.38 similarity = 0.943 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

extensions/autodev/installer/config-module.tsView on unpkg

Findings

4 Critical5 High5 Medium4 Low
CriticalCritical Secretextensions/autodev/debug/__tests__/debug.test.ts
CriticalDownload Executeextensions/autodev/installer/tools.ts
CriticalPrevious Version Dangerous Deltaextensions/autodev/installer/config-module.ts
CriticalSecret Patternextensions/autodev/debug/__tests__/debug.test.ts
HighChild Processextensions/autodev/background/manager.ts
HighShellextensions/autodev/docs/seeding.ts
HighCredential Exfiltrationextensions/autodev/embeddings.ts
HighRuntime Package Installextensions/autodev/installer/uninstall-module.ts
HighSecret Patternextensions/autodev/debug/__tests__/debug.test.ts
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistenceextensions/autodev/installer/uninstall-module.ts
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings