registry  /  codeably  /  1.3.2

codeably@1.3.2

Autonomous coding agent. Bring your own API key. Zero cost forever.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

This is an explicit autonomous coding-agent CLI with broad project file, shell, git, and web-fetch capabilities delegated to a configured LLM. The risk is real dual-use capability, but source inspection did not find install-time compromise, hidden exfiltration, persistence, or unconsented AI-agent control-surface mutation.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `codeably`, `cb`, `create-codeably`, `codeably update`, chat `/save`, or shortcut installer scripts.
Impact
Can modify or delete project files, run shell commands, fetch URLs, commit changes, write local config/history/chat logs, and alter shell profile aliases when explicitly invoked.
Mechanism
User-invoked LLM agent tools for file mutation, shell execution, network fetch, git operations, config/history writes, and optional global install/shortcut setup.
Rationale
Source shows a high-capability autonomous coding agent whose risky primitives are explicit product functionality and mostly user-invoked, with no confirmed malicious install-time or covert behavior. Warn is appropriate for dangerous dual-use agent capability rather than publish-blocking as malware.
Evidence
package.jsoncodeably.jsbin/create-codeably.jsruntime/agent.jsruntime/client.jstools/index.jsconfig/setup.jsconfig/store.jsconfig/providers.jsruntime/memory.jsui/chat.jsinstall-shortcut.shuser project files under cwd~/.codeably/config.json~/.codeably/history.jsoncodeably-chat-*.txt$HOME/.zshrc$HOME/.bash_profile$HOME/.bashrc$HOME/.config/fish/config.fish$PROFILE.CurrentUserCurrentHost/tmp/codeably_script_*.sh
Network endpoints8
api.anthropic.com/v1api.openai.com/v1api.groq.com/openai/v1generativelanguage.googleapis.com/v1beta/openaiapi.mistral.ai/v1openrouter.ai/api/v1localhost:11434/v1registry.npmjs.org/${pkg}/latest

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • tools/index.js exposes LLM-invoked write/patch/delete, shell command/script, git commit, arbitrary url_fetch, and npm registry lookup tools.
  • runtime/agent.js gives the selected model those tools during `codeably "task"` sessions and includes cwd context.
  • bin/create-codeably.js can run `npm install -g codeably` or `sudo npm install -g codeably`, but only after an interactive prompt.
  • install-shortcut.sh and install-shortcut.ps1 append a `cb` shortcut to shell profiles when explicitly run.
Evidence against
  • package.json has no preinstall/install/postinstall/prepare lifecycle hook.
  • Network endpoints are configured LLM providers, localhost Ollama, arbitrary user/model-requested url_fetch, and npm registry lookup; no hidden exfil endpoint found.
  • config/setup.js stores user API keys locally in ~/.codeably/config.json; runtime/client.js sends them only as API credentials to configured baseURL.
  • Destructive delete_file/delete_files_bulk require confirm_delete approval in runtime/agent.js/tools/index.js.
  • No eval/vm/native binary/obfuscated payload found in package files.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 13 file(s), 104 KB of source, external domains: aistudio.google.com, api.anthropic.com, api.groq.com, api.mistral.ai, api.openai.com, console.anthropic.com, console.groq.com, console.mistral.ai, generativelanguage.googleapis.com, github.com, openrouter.ai, platform.openai.com, registry.npmjs.org

Source & flagged code

4 flagged · loading source
tools/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = codeably@1.3.1 matchedIdentity = npm:Y29kZWFibHk:1.3.1 similarity = 0.846 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

tools/index.jsView on unpkg
9import path from "path"; L10: import { execSync } from "child_process"; L11: import { createHash } from "crypto";
High
Child Process

Package source references child process execution.

tools/index.jsView on unpkg · L9
bin/create-codeably.jsView file
4* L5: * npx codeably — zero-install quickstart. L6: * Run from any terminal: npx codeably "your task" ... L14: L15: import { execSync, spawn } from "child_process"; L16: import { createInterface } from "readline";
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/create-codeably.jsView on unpkg · L4
install-shortcut.shView file
path = install-shortcut.sh kind = build_helper sizeBytes = 3524 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install-shortcut.shView on unpkg

Findings

1 Critical3 High3 Medium4 Low
CriticalPrevious Version Dangerous Deltatools/index.js
HighChild Processtools/index.js
HighShell
HighRuntime Package Installbin/create-codeably.js
MediumNetwork
MediumShips Build Helperinstall-shortcut.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings