AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `cookiebite new <report.tsx>`.
Impact
A later compatible AI agent may load project instructions and an MCP server command from the generated files.
Mechanism
Explicit AI-agent configuration scaffolding.
Rationale
The package is not malicious by the inspected source, but explicit user-command mutation of an AI-agent control surface warrants a warning under the stated policy. No unconsented lifecycle hook or concrete malicious behavior was found.
Evidence
package.jsonbin/cookiebite.mjslib/new.mjslib/render.mjslib/verify.mjsverifier/runner.mjstemplates/starter.tsx<reportDir>/.mcp.json<reportDir>/CLAUDE.md<reportDir>/components.json<reportDir>/tsconfig.json
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `lib/new.mjs` writes `.mcp.json` with a `shadcn` MCP server.
- `lib/new.mjs` creates `CLAUDE.md` containing agent instructions and `npx shadcn@latest` commands.
- These AI-agent control files are created by explicit `cookiebite new` usage, not at install time.
Evidence against
- `package.json` defines no preinstall, install, postinstall, or prepare hook.
- `bin/cookiebite.mjs` only dispatches explicit CLI subcommands.
- No credential harvesting, network client, or exfiltration code was found.
- `verifier/runner.mjs` runs local report verification through an explicit `verify` command.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcelib/typecheck.mjsView file
6L7: const require = createRequire(import.meta.url);
L8: const ts = require('typescript');
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/typecheck.mjsView on unpkg · L6assets/PretendardVariable.subset.woff2View file
•path = assets/PretendardVariable.subset.woff2
kind = high_entropy_blob
sizeBytes = 1747264
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
assets/PretendardVariable.subset.woff2View on unpkgFindings
1 High3 Medium4 Low
HighShips High Entropy Blobassets/PretendardVariable.subset.woff2
MediumDynamic Requirelib/typecheck.mjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings