registry  /  benjamin-docs  /  0.11.1

benjamin-docs@0.11.1

Persistent project memory for AI coding agents. Session hooks load it into Claude Code, Codex, and Cursor automatically; drift detection flags docs that fell behind the code.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI-agent project-memory CLI with explicit commands that install first-party hooks, MCP registrations, and skills. This is package-aligned but touches AI-agent control surfaces, so it is lifecycle-risk rather than malicious.

Static reason
No blocking static signals were detected.
Trigger
User runs benjamin-docs hooks install, mcp install, install-skill, init --hooks, or consents during interactive init/upgrade.
Impact
Local agents may load Benjamin Docs context and run benjamin-docs session commands for the project; no exfiltration or remote code execution chain was found.
Mechanism
explicit first-party AI-agent hook/MCP/skill setup
Rationale
No install-time execution, credential harvesting, exfiltration, destructive behavior, or remote payload execution was found. The remaining risk is explicit, first-party agent hook/MCP/skill setup that modifies agent control surfaces only when invoked or consented to.
Evidence
package.jsondist/src/cli.jsdist/src/hooks.jsdist/src/mcp-install.jsdist/src/install-skill.jsdist/src/update-check.jsdist/src/fsx.jsdist/src/session.js.claude/settings.json.codex/hooks.json.cursor/hooks.json.mcp.json.cursor/mcp.json.codex/config.toml~/.agents/skills/benjamin-docs/SKILL.md~/.codex/skills/benjamin-docs/SKILL.md~/.claude/skills/benjamin-docs/SKILL.md~/.cursor/skills/benjamin-docs/SKILL.md~/.benjamin-docs/update-check.json~/.benjamin-docs/session-hooks/*.json
Network endpoints1
registry.npmjs.org/benjamin-docs/latest

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/src/hooks.js installs Benjamin-owned session-start/session-stop commands into .claude, .codex, and .cursor hook files.
  • dist/src/mcp-install.js can register a local benjamin-docs MCP server in Claude Code, Cursor, and Codex configs.
  • dist/src/install-skill.js writes bundled skill text into agent skill directories under the user's home directory.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • Agent config mutation is explicit CLI behavior: hooks install, mcp install, install-skill, init --hooks, or prompted init/upgrade.
  • Hook and MCP entries run local benjamin-docs commands, not remote payloads or shell snippets.
  • dist/src/fsx.js and project-config.js enforce relative in-root paths and reject symlinks for generated project files.
  • dist/src/update-check.js only fetches package latest metadata from npm and caches version data; no credential/file exfiltration found.
  • child_process use is limited to git status/diff helpers and detached self-spawn for update-cache.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 36 file(s), 287 KB of source, external domains: registry.npmjs.org

Source & flagged code

2 flagged · loading source
dist/src/export.jsView file
1import { execFileSync } from "node:child_process"; L2: import { existsSync, readFileSync, rmSync } from "node:fs";
High
Child Process

Package source references child process execution.

dist/src/export.jsView on unpkg · L1
dist/src/update-check.jsView file
1import { spawn } from "node:child_process"; L2: import { mkdirSync, readFileSync, writeFileSync } from "node:fs"; ... L7: const FETCH_TIMEOUT_MS = 3000; L8: const DEFAULT_REGISTRY_URL = "https://registry.npmjs.org/benjamin-docs/latest"; L9: export function updateChecksEnabled() { L10: return process.env.BENJAMIN_DOCS_NO_UPDATE_CHECK !== "1"; L11: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src/update-check.jsView on unpkg · L1

Findings

3 High2 Medium4 Low
HighChild Processdist/src/export.js
HighShell
HighSame File Env Network Executiondist/src/update-check.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings