registry  /  berserqir  /  0.4.0

berserqir@0.4.0

Berserqir — the agent legion harness. SDD + hierarchical memory + agentic loop + behavioral evals, portable across GitHub Copilot, Claude Code and Cursor.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs npx berserqir install/update or installed agent hooks run during supported IDE/agent events.
Impact
Installs guardrail and memory hooks into .claude, .cursor, .github, and .berserqir; update hook may query npm for package version.
Mechanism
explicit user-command agent config mutation with package-owned hooks
Rationale
Source inspection shows agent control-surface writes, but they occur only through the explicit CLI installer/update flow and are package-aligned guardrails rather than stealth install-time hijacking. Per policy this is a warning-level agent capability/lifecycle risk, not a publish block.
Evidence
package.jsonbin/berserqir.jsadapters/claude-code/compile.mjsadapters/cursor/compile.mjsadapters/copilot/compile.mjsadapters/claude-code/hook-adapter.mjsadapters/cursor/hook-adapter.mjsadapters/copilot/hook-adapter.mjscore/hooks/update-check/update-check.mjs.berserqir/manifest.json.berserqir/hooks/*.claude/settings.json.cursor/hooks.json.github/hooks/berserqir.json.github/copilot-instructions.mdCLAUDE.mdAGENTS.md
Network endpoints1
npm view berserqir version

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/berserqir.js explicit install/update command compiles and writes agent harness files into target repo.
  • adapters/claude-code/compile.mjs writes .claude/settings.json hooks invoking .berserqir/hooks/claude-adapter.mjs.
  • adapters/cursor/compile.mjs writes .cursor/hooks.json; adapters/copilot/compile.mjs writes .github/hooks/berserqir.json.
  • core/hooks/update-check/update-check.mjs can run npm view berserqir version as a detached update check from installed hooks.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts; install mutation is user-invoked via bin.
  • bin/berserqir.js plans conflicts, prompts unless --yes/non-TTY, supports --dry-run, and preserves modified files unless --force.
  • Hook behavior is package-aligned guardrails: git-safety, config-protection, memory validation, journaling, and update nudges.
  • No credential harvesting, arbitrary remote payload download, eval/vm/Function, or non-package exfiltration endpoints found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 106 KB of source

Source & flagged code

4 flagged · loading source
bin/berserqir.jsView file
Published source reference
Medium
Ai Review Evidence

bin/berserqir.js explicit install/update command compiles and writes agent harness files into target repo.

bin/berserqir.jsView on unpkg
adapters/claude-code/compile.mjsView file
Published source reference
Medium
Ai Review Evidence

adapters/claude-code/compile.mjs writes .claude/settings.json hooks invoking .berserqir/hooks/claude-adapter.mjs.

adapters/claude-code/compile.mjsView on unpkg
adapters/cursor/compile.mjsView file
Published source reference
Medium
Ai Review Evidence

adapters/cursor/compile.mjs writes .cursor/hooks.json; adapters/copilot/compile.mjs writes .github/hooks/berserqir.json.

adapters/cursor/compile.mjsView on unpkg
core/hooks/update-check/update-check.mjsView file
Published source reference
Medium
Ai Review Evidence

core/hooks/update-check/update-check.mjs can run npm view berserqir version as a detached update check from installed hooks.

core/hooks/update-check/update-check.mjsView on unpkg

Findings

5 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidencebin/berserqir.js
MediumAi Review Evidenceadapters/claude-code/compile.mjs
MediumAi Review Evidenceadapters/cursor/compile.mjs
MediumAi Review Evidencecore/hooks/update-check/update-check.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings