AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a CLI that, when invoked by the user, authenticates to Catalyst, uploads a selected project directory for remote builds, and downloads build artifacts.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs catalyst CLI commands such as login, check, upload, build, pull, or run.
Impact
Expected Catalyst project upload/build behavior; no install-time execution, credential harvesting, persistence, or unaligned exfiltration found.
Mechanism
User-invoked authenticated build/upload CLI
Rationale
Static inspection shows suspicious primitives are package-aligned and user-invoked for a build service CLI. There is no lifecycle execution, hidden payload, unconsented credential/file harvesting, or AI-agent control-surface mutation.
Evidence
package.jsonbin/catalyst.jssrc/index.jsREADME.md~/.catalyst/config.json$CATALYST_CONFIG_DIR/config.jsonuser-supplied project directoryuser-specified artifact output path
Network endpoints11
dev.bcat.website/catalyst/apiwww.bcat.website/auth/user//auth/api-keys/{token_id}/revoke//ci/preflight//ci/projects/{projectId}/upload-files//ci/projects/upload-local//ci/projects/{projectId}/build-actions//ci/projects/{projectId}/build-local//ci/builds/{buildId}/result/artifact.download_url
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json declares dependency on catalyst-cli@^0.1.0, an odd self-dependency but not executed by lifecycle hooks.
Evidence against
- package.json has no install/preinstall/postinstall scripts; bin only maps catalyst to bin/catalyst.js.
- bin/catalyst.js only imports src/index.js and runs main() when CLI is invoked.
- src/index.js network calls are user-command aligned: login/whoami/logout/check/upload/build/pull against Catalyst API or returned artifact URL.
- src/index.js stores only Catalyst session config at ~/.catalyst/config.json or CATALYST_CONFIG_DIR with chmod 0600 best effort.
- Project file reading/zipping occurs only for user-supplied check/upload/run directories and skips common dependency/build/cache dirs.
- child_process.spawn is limited to user-invoked browser opener and npm install --dry-run --ignore-scripts for --deep preflight.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcesrc/index.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = catalyst-cli@0.2.1
matchedIdentity = npm:Y2F0YWx5c3QtY2xp:0.2.1
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
src/index.jsView on unpkgFindings
1 Critical2 Medium3 Low
CriticalPrevious Version Dangerous Deltasrc/index.js
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings