registry  /  byteplan-code-cli  /  1.0.12

byteplan-code-cli@1.0.12

BytePlan Code CLI - Command line tool for BytePlan authentication and user management

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malware chain was found. The notable risk is an explicit user-command feature that installs first-party bundled AI-agent skills into Claude Code's skill directory.

Static reason
No blocking static signals were detected.
Trigger
User runs `bp-code skill install` or authenticated BytePlan CLI commands such as `login`.
Impact
User-approved Claude skill installation and local credential persistence; no unconsented install-time mutation or exfiltration found.
Mechanism
Explicit CLI file copy/removal and product API calls
Rationale
Static source inspection shows a legitimate BytePlan CLI with explicit product API operations and documented local credential storage. Because it can install bundled first-party skills into a Claude Code control surface by user command, warn for agent extension lifecycle risk rather than block.
Evidence
package.jsonsrc/cli.jssrc/commands/skill.jsskills/bp-install/SKILL.mdsrc/api/auth.jssrc/api/core.jssrc/api/logs.jssrc/archive.js~/.claude/skills/<skill>~/.byteplan/.env~/.byteplan/.env.<env>~/.byteplan/envs.json~/.byteplan/pages/<pageId>/<tagId>
Network endpoints3
dev.byteplan.comuatapp.byteplan.comgrafana.ops.byteplan.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • src/commands/skill.js implements explicit `bp-code skill install/remove` copying/removing bundled skills under default `~/.claude/skills`.
  • skills/bp-install/SKILL.md documents installing package-provided skills into Claude Code skill directory.
  • src/api/auth.js stores BP credentials and tokens in `~/.byteplan/.env.<env>` after user-invoked login.
  • src/api/core.js hardcodes BytePlan endpoints `https://dev.byteplan.com` and `https://uatapp.byteplan.com`; src/api/logs.js uses `https://grafana.ops.byteplan.com`.
  • src/archive.js uses `spawnSync` for local mkdir/cp during explicit page archive operations.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • CLI entrypoint only registers commander commands; no install-time or import-time payload execution found.
  • Network calls are BytePlan/Grafana product APIs used by authenticated CLI commands, not arbitrary exfiltration endpoints.
  • Credential reads/writes are documented login/config behavior under `~/.byteplan`, not hidden harvesting.
  • No eval/vm/Function, native binary loading, obfuscation, or remote code download observed.
  • Agent skill writes require explicit `bp-code skill install` command and copy bundled first-party skill files.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 46 file(s), 366 KB of source, external domains: custom.example.com, dev.byteplan.com, grafana.ops.byteplan.com, test.example.com, uatapp.byteplan.com

Source & flagged code

5 flagged · loading source
src/commands/skill.jsView file
Published source reference
Medium
Ai Review Evidence

src/commands/skill.js implements explicit `bp-code skill install/remove` copying/removing bundled skills under default `~/.claude/skills`.

src/commands/skill.jsView on unpkg
skills/bp-install/SKILL.mdView file
Published source reference
Medium
Ai Review Evidence

skills/bp-install/SKILL.md documents installing package-provided skills into Claude Code skill directory.

skills/bp-install/SKILL.mdView on unpkg
src/api/auth.jsView file
Published source reference
Medium
Ai Review Evidence

src/api/auth.js stores BP credentials and tokens in `~/.byteplan/.env.<env>` after user-invoked login.

src/api/auth.jsView on unpkg
src/api/core.jsView file
Published source reference
Medium
Ai Review Evidence

src/api/core.js hardcodes BytePlan endpoints `https://dev.byteplan.com` and `https://uatapp.byteplan.com`; src/api/logs.js uses `https://grafana.ops.byteplan.com`.

src/api/core.jsView on unpkg
src/archive.jsView file
Published source reference
Medium
Ai Review Evidence

src/archive.js uses `spawnSync` for local mkdir/cp during explicit page archive operations.

src/archive.jsView on unpkg

Findings

7 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencesrc/commands/skill.js
MediumAi Review Evidenceskills/bp-install/SKILL.md
MediumAi Review Evidencesrc/api/auth.js
MediumAi Review Evidencesrc/api/core.js
MediumAi Review Evidencesrc/archive.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings