registry  /  byteplan-code-cli  /  1.0.4

byteplan-code-cli@1.0.4

BytePlan Code CLI - Command line tool for BytePlan authentication and user management

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs bp-code skill install/remove or bp-code login/API subcommands.
Impact
Can add/remove bundled agent skills under the configured Claude skills directory; login saves BytePlan credentials locally and sends them to BytePlan endpoints.
Mechanism
User-invoked Claude skills installation and BytePlan API client operations.
Rationale
Static inspection found no unconsented install-time mutation, exfiltration, destructive payload, or remote code execution. Because the package includes explicit user-command mutation of Claude skills, it should warn rather than block.
Evidence
package.jsonsrc/cli.jssrc/commands/skill.jssrc/api/auth.jssrc/api/core.jssrc/archive.jsskills/web-api-capture/scripts/capture.py~/.claude/skills~/.byteplan/.env~/.byteplan/pages/<pageId>/<tagId>
Network endpoints4
dev.byteplan.comuatapp.byteplan.combyteplan.51fubei.comgrafana.ops.byteplan.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • src/commands/skill.js explicitly installs bundled skills into default ~/.claude/skills via symlinkSync/cpSync on user command.
  • src/commands/skill.js remove can rmSync entries under the selected skills target.
  • src/api/auth.js stores BP_USER/BP_PASSWORD/access tokens in ~/.byteplan/.env after login.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • src/cli.js only registers commander subcommands; no install-time execution.
  • Network calls are to BytePlan/Grafana service endpoints used by CLI commands, not hidden exfil endpoints.
  • No obfuscated payload, eval/Function, dynamic remote code loading, or credential harvesting beyond user-invoked BytePlan login.
  • skills/web-api-capture/scripts/capture.py is a documented helper run via browser-use, not invoked automatically.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 268 KB of source, external domains: byteplan.51fubei.com, dev.byteplan.com, grafana.ops.byteplan.com, uatapp.byteplan.com

Source & flagged code

1 flagged · loading source
skills/web-api-capture/scripts/capture.pyView file
path = skills/web-api-capture/scripts/capture.py kind = build_helper sizeBytes = 4463 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/web-api-capture/scripts/capture.pyView on unpkg

Findings

4 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/web-api-capture/scripts/capture.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings