registry  /  benjamin-docs  /  0.10.0

benjamin-docs@0.10.0

Persistent project memory for AI coding agents. Session hooks load it into Claude Code, Codex, and Cursor automatically; drift detection flags docs that fell behind the code.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Risky primitives are aligned with a local project-memory CLI and are activated by explicit CLI use or agent hooks installed by that CLI, not npm install.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs benjamin-docs CLI commands such as init --hooks, hooks install, install-skill, upgrade, session-start, or export.
Impact
Writes Benjamin Docs project metadata/docs and optional first-party agent hook/skill entries; no credential harvesting, remote payload execution, or exfiltration found.
Mechanism
project memory generation, agent hook/skill setup, git status checks, and npm version update check
Rationale
Static inspection shows a developer CLI for maintaining project documentation and optional first-party agent integrations, with no lifecycle execution and no concrete malicious chain. Network, child_process, and agent config writes are narrow, package-aligned, and user-invoked or installed hook-invoked.
Evidence
package.jsondist/src/cli.jsdist/src/hooks.jsdist/src/install-skill.jsdist/src/update-check.jsdist/src/fsx.jsdist/src/git.jsdist/src/upgrade.jsAGENTS.md.benjamin-docs/config.json.benjamin-docs/update-check.json.claude/settings.json.codex/hooks.json.cursor/hooks.json.agents/skills/benjamin-docs/SKILL.md.codex/skills/benjamin-docs/SKILL.md.claude/skills/benjamin-docs/SKILL.md.cursor/skills/benjamin-docs/SKILL.mdexports/**
Network endpoints1
registry.npmjs.org/benjamin-docs/latest

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • User-invoked commands can write AI-agent hook/skill files: dist/src/hooks.js, dist/src/install-skill.js.
  • Session-start may spawn detached node for update-cache: dist/src/update-check.js.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • bin entry dist/src/cli.js dispatches explicit CLI commands; no import-time mutation found.
  • dist/src/hooks.js installs only benjamin-docs session-start/session-stop commands and preserves/removes marked entries.
  • dist/src/fsx.js constrains generated project paths under the project root and rejects symlinks.
  • dist/src/update-check.js only fetches npm latest metadata and caches version JSON under .benjamin-docs/update-check.json.
  • dist/src/git.js child_process usage is limited to fixed git commands for drift/export status.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 32 file(s), 253 KB of source, external domains: registry.npmjs.org

Source & flagged code

3 flagged · loading source
dist/src/export.jsView file
1import { execFileSync } from "node:child_process"; L2: import { existsSync, readFileSync, rmSync } from "node:fs";
High
Child Process

Package source references child process execution.

dist/src/export.jsView on unpkg · L1
dist/src/update-check.jsView file
1import { spawn } from "node:child_process"; L2: import { mkdirSync, readFileSync, writeFileSync } from "node:fs"; ... L7: const FETCH_TIMEOUT_MS = 3000; L8: const DEFAULT_REGISTRY_URL = "https://registry.npmjs.org/benjamin-docs/latest"; L9: export function updateChecksEnabled() { L10: return process.env.BENJAMIN_DOCS_NO_UPDATE_CHECK !== "1"; L11: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src/update-check.jsView on unpkg · L1
matchType = previous_version_dangerous_delta matchedPackage = benjamin-docs@0.9.3 matchedIdentity = npm:YmVuamFtaW4tZG9jcw:0.9.3 similarity = 0.680 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/src/update-check.jsView on unpkg

Findings

4 High2 Medium4 Low
HighChild Processdist/src/export.js
HighShell
HighSame File Env Network Executiondist/src/update-check.js
HighPrevious Version Dangerous Deltadist/src/update-check.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings