registry  /  codemini-cli  /  0.8.0

codemini-cli@0.8.0

An extremely restrained coding + tasks CLI. Every platform. Every terminal. Minimal by design.

AI Security Review

scanned 6h ago · by lpm-firewall-ai

No unconsented install-time or import-time attack surface is established. This is an explicitly invoked coding-agent CLI whose project command and file operations are runtime features.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `codemini` or starts `codemini web` and submits an agent task.
Impact
Can affect the user-selected project only when the CLI/web runtime is used; no covert persistence, credential harvesting, or malicious payload chain was found.
Mechanism
User-triggered local coding-agent tools, subprocess execution, and configured LLM API requests.
Rationale
The package implements expected user-invoked AI coding functionality, including commands, file edits, and configured model requests. Direct inspection found no lifecycle execution, covert exfiltration, destructive trigger, or foreign AI-agent control-surface mutation.
Evidence
package.jsonbin/coder.jssrc/core/process-run.jssrc/core/agent-loop.jssrc/core/provider/openai-compatible.jscodemini-web/server.jssrc/cli.jssrc/commands/web.jssrc/core/tools.jssrc/core/paths.jscodemini-web/lib/embed-resolver.jscodemini-web/dist/assets/MarkdownEditor-kQWDzhOR.js
Network endpoints1
127.0.0.1:8000/v1

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `src/core/process-run.js` runs subprocesses for the coding-agent workflow.
  • `src/core/tools.js` exposes project file and command tools, activated through chat/runtime requests.
  • `codemini-web/server.js` starts a local web UI and can auto-open a browser only after `codemini web`.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
  • `bin/coder.js` only dispatches after the user invokes the CLI.
  • Provider requests use configured gateway credentials in `src/core/provider/openai-compatible.js`; no hidden exfiltration endpoint was found.
  • Authored JS outside bundled web assets contains no bidi-control characters; the flagged Markdown asset is a third-party minified editor bundle.
  • `src/core/agent-loop.js` applies command-policy and approval handling before agent command execution.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 731 file(s), 22.3 MB of source, external domains: 127.0.0.1, api.exa.ai, api.github.com, api.tavily.com, cdn.jsdelivr.net, cn.bing.com, codemini.local, example.com, github.com, html.spec.whatwg.org, img.youtube.com, radix-ui.com, react.dev, unpkg.com, www.google.com, www.markdownguide.org, www.reddit.com, www.w3.org, www.youtube.com

Source & flagged code

5 flagged · loading source
codemini-web/dist/assets/vue-vine-Di7Vc_-0.jsView file
1import{t as e}from"./javascript-uC_ymh2K.js";import{t}from"./css-BBfbkQ4Z.js";import{t as n}from"./scss-6l0uLbp8.js";import r from"./postcss-BXeXVLqQ.js";import i from"./less-DVTAw...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

codemini-web/dist/assets/vue-vine-Di7Vc_-0.jsView on unpkg · L1
codemini-web/dist/assets/MarkdownEditor-kQWDzhOR.jsView file
11contains invisible/control Unicode U+200E (left-to-right mark) `&&F()}function K(){for(;Ho[N];)F()}function q(e){e===void 0&&(e=!1),K();for(var t=[be(e)];P(`,`);)F(),K(),t.push(be(e));return{type:`Selector`,rules:t}}function me(){B(`[`),K();var e;if(P(`|`)){L(y,`Namespaces are not enabled.`),F();var t=
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

codemini-web/dist/assets/MarkdownEditor-kQWDzhOR.jsView on unpkg · L11
codemini-web/dist/animations/home/general/loader-cat-dark.lottieView file
path = codemini-[redacted]-cat-dark.lottie kind = compressed_blob sizeBytes = 4034 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

codemini-web/dist/animations/home/general/loader-cat-dark.lottieView on unpkg
path = codemini-[redacted]-cat-dark.lottie kind = nested_archive_needs_inspection sizeBytes = 4034 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

codemini-web/dist/animations/home/general/loader-cat-dark.lottieView on unpkg
codemini-web/dist/assets/GeistMono-Variable-Dispecij.woff2View file
path = codemini-web/dist/assets/GeistMono-Variable-Dispecij.woff2 kind = high_entropy_blob sizeBytes = 71368 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

codemini-web/dist/assets/GeistMono-Variable-Dispecij.woff2View on unpkg

Findings

1 Critical1 High5 Medium6 Low
CriticalTrojan Source Unicodecodemini-web/dist/assets/MarkdownEditor-kQWDzhOR.js
HighShips High Entropy Blobcodemini-web/dist/assets/GeistMono-Variable-Dispecij.woff2
MediumDynamic Requirecodemini-web/dist/assets/vue-vine-Di7Vc_-0.js
MediumNetwork
MediumEnvironment Vars
MediumShips Compressed Blobcodemini-web/dist/animations/home/general/loader-cat-dark.lottie
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectioncodemini-web/dist/animations/home/general/loader-cat-dark.lottie