registry  /  byteplan-code-cli  /  1.0.5

byteplan-code-cli@1.0.5

BytePlan Code CLI - Command line tool for BytePlan authentication and user management

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The notable risk is explicit user-command installation/removal of bundled Claude skills and user-command credential storage for BytePlan/Grafana workflows.

Static reason
No blocking static signals were detected.
Trigger
User runs CLI commands such as `bp-code skill install`, `bp-code login`, or `bp-code logs`.
Impact
Can write local BytePlan config/tokens and install package-owned skills into Claude's skills directory when requested by the user.
Mechanism
user-invoked BytePlan CLI and bundled skill installer
Rationale
The package is not malicious by source inspection, but explicit Claude skill installation/removal is an AI-agent extension control-surface mutation that merits a warn rather than a publish block. No unconsented install-time action or unrelated exfiltration path was found.
Evidence
package.jsonsrc/cli.jssrc/api/core.jssrc/api/auth.jssrc/commands/auth.jssrc/commands/skill.jssrc/api/logs.jssrc/commands/logs.jssrc/archive.jsskills/web-api-capture/scripts/capture.py~/.byteplan/.env~/.byteplan/pages/<pageId>/<tagId>~/.claude/skills/<skillName>CAPTURE_OUT/manifest.jsonCAPTURE_OUT/*.json
Network endpoints4
dev.byteplan.comuatapp.byteplan.combyteplan.51fubei.comgrafana.ops.byteplan.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • src/commands/skill.js provides explicit `bp-code skill install/remove` commands that write/remove bundled skills under `~/.claude/skills` by default.
  • src/commands/auth.js and src/api/auth.js save BytePlan credentials/tokens to `~/.byteplan/.env` after user-invoked login.
  • skills/web-api-capture/scripts/capture.py can capture browser XHR/Fetch bodies to CAPTURE_OUT, but is a bundled helper run explicitly by users.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • src/cli.js only registers commander subcommands; no install-time execution.
  • Network calls are to BytePlan/Grafana product endpoints in src/api/*.js and require user CLI commands.
  • No evidence of credential exfiltration to unrelated hosts, remote payload loading, persistence, or destructive install-time behavior.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 37 file(s), 298 KB of source, external domains: byteplan.51fubei.com, dev.byteplan.com, grafana.ops.byteplan.com, uatapp.byteplan.com

Source & flagged code

1 flagged · loading source
skills/web-api-capture/scripts/capture.pyView file
path = skills/web-api-capture/scripts/capture.py kind = build_helper sizeBytes = 4463 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/web-api-capture/scripts/capture.pyView on unpkg

Findings

4 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/web-api-capture/scripts/capture.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings