registry  /  autodev-ai  /  0.4.0

autodev-ai@0.4.0

AutoDev — Autonomous Engineering Team. DevTeam in a Box. Runs on pi.

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by source inspection. The package is a CLI/extension for an AI development agent and contains powerful user-invoked setup, update, docs, and integration commands.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs autodev subcommands or enables the extension.
Impact
Potentially broad local project mutation when explicitly initialized or configured, but no evidence of unconsented execution or exfiltration.
Mechanism
documented agent tooling with provider API calls and local project/config writes
Rationale
Static inspection found high-risk primitives, but they are consistent with the package's documented AI-agent CLI and are activated by explicit user commands rather than lifecycle/import-time execution. I found no concrete credential harvesting, covert exfiltration, staged payload, or unconsented AI-agent control-surface mutation.
Evidence
package.jsonscripts/cli.tsextensions/autodev/installer/tools.tsextensions/autodev/installer/init-module.tsextensions/autodev/installer/config-module.tsextensions/autodev/embeddings.tsextensions/autodev/discord/client.tsextensions/autodev/debug/__tests__/debug.test.ts

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • scripts/cli.ts has user-invoked update path running npm view/bun install and rm -rf on Bun cache.
  • extensions/autodev/installer/tools.ts can install Homebrew/GitHub CLI/Node via curl/apt commands during setup.
  • extensions/autodev/installer/init-module.ts writes project .autodev files, .github templates, AGENTS.md/CONTEXT.md on autodev init.
  • extensions/autodev/embeddings.ts sends document/query text to VoyageAI only when VOYAGE_API_KEY is configured.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks; bin is explicit autodev CLI only.
  • Risky exec/fetch/write behavior is tied to documented subcommands: doctor/config/init/update/docs/uninstall.
  • Credential handling in config-module.ts writes keys locally to agent .env/auth config and validates them against provider APIs; no unrelated exfiltration found.
  • debug test secret strings are test fixtures for redaction, not live credentials.
  • Discord/GitHub/Voyage/OpenAI/Anthropic endpoints are package-aligned integrations for an autonomous dev tool.
  • No import-time destructive behavior, persistence, native binary loading, or hidden payload carrier found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 92 file(s), 663 KB of source, external domains: api.anthropic.com, api.context7.com, api.openai.com, api.voyageai.com, bun.sh, cli.github.com, deb.nodesource.com, discord.com, generativelanguage.googleapis.com, github.com, grep.app, ollama.com, raw.githubusercontent.com

Source & flagged code

11 flagged · loading source
extensions/autodev/debug/__tests__/debug.test.tsView file
247patternName = github_pat severity = critical line = 247 matchedText = github: ...34",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247
247patternName = github_pat severity = critical line = 247 matchedText = github: ...34",
Critical
Secret Pattern

GitHub personal access token in extensions/autodev/debug/__tests__/debug.test.ts

extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247
246patternName = google_api_key severity = high line = 246 matchedText = google: ...PQ",
High
Secret Pattern

Google API key in extensions/autodev/debug/__tests__/debug.test.ts

extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L246
extensions/autodev/background/manager.tsView file
150L151: spawn(config: SpawnConfig): string { L152: const id = this.nextId();
High
Child Process

Package source references child process execution.

extensions/autodev/background/manager.tsView on unpkg · L150
extensions/autodev/docs/seeding.tsView file
194const mdUrls: string[] = []; L195: let match: RegExpExecArray | null; L196: while ((match = linkRegex.exec(indexText)) !== null) {
High
Shell

Package source references shell execution.

extensions/autodev/docs/seeding.tsView on unpkg · L194
extensions/autodev/installer/uninstall-module.tsView file
181try { L182: const { execSync } = await import("node:child_process"); L183: const cmd = `npx @earendil-works/pi-coding-agent uninstall ${source}`; L184: execSync(cmd, { stdio: "pipe", timeout: 60_000, cwd: process.cwd() });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

extensions/autodev/installer/uninstall-module.tsView on unpkg · L181
23const SHELL_RC_CANDIDATES = [ L24: ".bashrc", L25: ".zshrc", ... L55: const { notify } = deps; L56: const home = process.env.HOME ?? "~"; L57: const targets = [ ... L181: try { L182: const { execSync } = await import("node:child_process"); L183: const cmd = `npx @earendil-works/pi-coding-agent uninstall ${source}`; L184: execSync(cmd, { stdio: "pipe", timeout: 60_000, cwd: process.cwd() }); L185: notify(`Uninstalled ${source}`, "info");
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

extensions/autodev/installer/uninstall-module.tsView on unpkg · L23
extensions/autodev/embeddings.tsView file
37): Promise<Float32Array[]> { L38: const apiKey = process.env.VOYAGE_API_KEY; L39: if (!apiKey) throw new Error("VOYAGE_API_KEY not set"); ... L42: const batch = texts.slice(i, i + VOYAGE_BATCH_SIZE); L43: const res = await fetch("https://api.voyageai.com/v1/embeddings", { L44: method: "POST", ... L48: }, L49: body: JSON.stringify({ L50: model: "voyage-3", ... L55: if (!res.ok) { L56: throw new Error(`VoyageAI embeddings failed: ${res.status} ${await res.text()}`); L57: }
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

extensions/autodev/embeddings.tsView on unpkg · L37
extensions/autodev/installer/tools.tsView file
1import { execSync, type ExecSyncOptions } from "node:child_process"; L2: import { platform } from "node:os"; ... L59: function isNonInteractive(): boolean { L60: if (process.env.CI === "true" || process.env.CI === "1") return true; L61: if (process.stdout != null && process.stdout.isTTY === false) return true; L62: if (process.argv.includes("--yes") || process.argv.includes("-y")) return true; ... L65: L66: const HOMEBREW_BOOTSTRAP_URL = "https://raw.githubusercontent.[redacted].sh"; L67: ... L108: notify(`Installing Homebrew from ${HOMEBREW_BOOTSTRAP_URL}...`, "info"); L109: exec(`bash -c 'NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL ${HOMEBREW_BOOTSTRAP_URL})"`, { L110: stdio: "inherit",
Critical
Download Execute

Source downloads or fetches remote code and executes it.

extensions/autodev/installer/tools.tsView on unpkg · L1
install.shView file
path = install.sh kind = build_helper sizeBytes = 2692 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg
scripts/cli.tsView file
matchType = previous_version_dangerous_delta matchedPackage = autodev-ai@0.2.0 matchedIdentity = npm:YXV0b2Rldi1haQ:0.2.0 similarity = 0.978 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

scripts/cli.tsView on unpkg

Findings

4 Critical5 High5 Medium4 Low
CriticalCritical Secretextensions/autodev/debug/__tests__/debug.test.ts
CriticalDownload Executeextensions/autodev/installer/tools.ts
CriticalPrevious Version Dangerous Deltascripts/cli.ts
CriticalSecret Patternextensions/autodev/debug/__tests__/debug.test.ts
HighChild Processextensions/autodev/background/manager.ts
HighShellextensions/autodev/docs/seeding.ts
HighCredential Exfiltrationextensions/autodev/embeddings.ts
HighRuntime Package Installextensions/autodev/installer/uninstall-module.ts
HighSecret Patternextensions/autodev/debug/__tests__/debug.test.ts
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistenceextensions/autodev/installer/uninstall-module.ts
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings