registry  /  contentrain  /  0.7.1

contentrain@0.7.1

CLI for Contentrain — AI content governance infrastructure

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `contentrain setup`, `contentrain skills`, or an init flow that elects IDE integration.
Impact
Future IDE-agent sessions may load Contentrain rules/skills and invoke its MCP server in that project.
Mechanism
Project-local AI-agent configuration and first-party MCP extension setup.
Rationale
No malicious install-time execution or exfiltration was found. The explicit agent-configuration capability warrants a warning under the firewall policy.
Evidence
package.jsondist/index.mjsdist/setup-ZnQXTEP-.mjsdist/skills-DeliTaHV.mjsdist/ide-DPDVYiaq.mjsdist/client-CJsHr9Db.mjs.mcp.json.cursor/mcp.json.windsurf/mcp.json.vscode/mcp.json.claude/rules/contentrain-essentials.md.claude/skills/CLAUDE.md.github/copilot-instructions.md.agents/skills/~/.contentrain/credentials.json
Network endpoints1
studio.contentrain.io

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/setup-ZnQXTEP-.mjs` explicitly configures IDE agents.
  • `dist/ide-DPDVYiaq.mjs` writes MCP configs invoking `npx contentrain serve --stdio`.
  • `dist/ide-DPDVYiaq.mjs` installs always-applied rules/skills and can commit them to the project.
  • `dist/client-CJsHr9Db.mjs` sends authenticated Studio API requests to `https://studio.contentrain.io`.
Evidence against
  • `package.json` contains no preinstall/install/postinstall lifecycle hook.
  • CLI entrypoint `dist/index.mjs` only dispatches named user commands.
  • Agent configuration is limited to project-local IDE paths and requires `setup`, `skills`, or init flow.
  • No credential harvesting, unrelated exfiltration, remote payload execution, or stealth persistence was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 92 file(s), 759 KB of source, external domains: 127.0.0.1, ai.contentrain.io, github.com, studio.contentrain.io, vuejs.org, www.w3.org

Source & flagged code

4 flagged · loading source
dist/setup-ZnQXTEP-.mjsView file
Published source reference
Medium
Ai Review Evidence

`dist/setup-ZnQXTEP-.mjs` explicitly configures IDE agents.

dist/setup-ZnQXTEP-.mjsView on unpkg
dist/ide-DPDVYiaq.mjsView file
Published source reference
Medium
Ai Review Evidence

`dist/ide-DPDVYiaq.mjs` writes MCP configs invoking `npx contentrain serve --stdio`.

dist/ide-DPDVYiaq.mjsView on unpkg
Published source reference
Medium
Ai Review Evidence

`dist/ide-DPDVYiaq.mjs` installs always-applied rules/skills and can commit them to the project.

dist/ide-DPDVYiaq.mjsView on unpkg
dist/client-CJsHr9Db.mjsView file
Published source reference
Medium
Ai Review Evidence

`dist/client-CJsHr9Db.mjs` sends authenticated Studio API requests to `https://studio.contentrain.io`.

dist/client-CJsHr9Db.mjsView on unpkg

Findings

6 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/setup-ZnQXTEP-.mjs
MediumAi Review Evidencedist/ide-DPDVYiaq.mjs
MediumAi Review Evidencedist/ide-DPDVYiaq.mjs
MediumAi Review Evidencedist/client-CJsHr9Db.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings