registry  /  cookiebite  /  0.3.0

cookiebite@0.3.0

Typed TSX authoring for cookiebite single-file HTML reports

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `cookiebite new <report.tsx>`.
Impact
A later compatible AI agent may load project instructions and an MCP server command from the generated files.
Mechanism
Explicit AI-agent configuration scaffolding.
Rationale
The package is not malicious by the inspected source, but explicit user-command mutation of an AI-agent control surface warrants a warning under the stated policy. No unconsented lifecycle hook or concrete malicious behavior was found.
Evidence
package.jsonbin/cookiebite.mjslib/new.mjslib/render.mjslib/verify.mjsverifier/runner.mjstemplates/starter.tsx<reportDir>/.mcp.json<reportDir>/CLAUDE.md<reportDir>/components.json<reportDir>/tsconfig.json

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `lib/new.mjs` writes `.mcp.json` with a `shadcn` MCP server.
  • `lib/new.mjs` creates `CLAUDE.md` containing agent instructions and `npx shadcn@latest` commands.
  • These AI-agent control files are created by explicit `cookiebite new` usage, not at install time.
Evidence against
  • `package.json` defines no preinstall, install, postinstall, or prepare hook.
  • `bin/cookiebite.mjs` only dispatches explicit CLI subcommands.
  • No credential harvesting, network client, or exfiltration code was found.
  • `verifier/runner.mjs` runs local report verification through an explicit `verify` command.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 56 file(s), 175 KB of source, external domains: ui.shadcn.com

Source & flagged code

2 flagged · loading source
lib/typecheck.mjsView file
6L7: const require = createRequire(import.meta.url); L8: const ts = require('typescript');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/typecheck.mjsView on unpkg · L6
assets/PretendardVariable.subset.woff2View file
path = assets/PretendardVariable.subset.woff2 kind = high_entropy_blob sizeBytes = 1747264 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/PretendardVariable.subset.woff2View on unpkg

Findings

1 High3 Medium4 Low
HighShips High Entropy Blobassets/PretendardVariable.subset.woff2
MediumDynamic Requirelib/typecheck.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings