registry  /  create-ai-boilerplate  /  0.1.4

create-ai-boilerplate@0.1.4

Scaffold a new project from the Boilerplate: an operating system and guide for building software with AI, from idea to shipped product.

AI Security Review

scanned 6h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `create-ai-boilerplate`, `bash start.sh`, or `bash scripts/install-harness.sh`.
Impact
The generated project can grant broad preconfigured Claude Code command permissions if the user subsequently runs that agent there.
Mechanism
Explicit project scaffolding plus AI-agent configuration deployment.
Rationale
No concrete malware behavior was found, but the package intentionally deploys a broad AI-agent permission configuration into generated projects. Per policy, explicit user-command AI-agent config mutation warrants a warning rather than a block.
Evidence
package.jsonindex.jstemplate/.claude/settings.jsontemplate/start.shtemplate/scripts/install-harness.shtemplate/docs/prompts/project-setup.md

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `index.js` copies the complete bundled template into a user-selected project directory.
  • Bundled `template/.claude/settings.json` grants Claude Code allowlisted Bash, GitHub CLI, package-manager, Supabase, Vercel, and WebSearch capabilities.
  • `template/start.sh` detects local AI CLIs and, after explicit selection, executes the chosen CLI with `docs/prompts/project-setup.md`.
  • `template/scripts/install-harness.sh` explicitly copies `.claude` agent/settings files into a supplied target project.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook; `prepublishOnly` is publish-time only.
  • `index.js` has no network client, secret harvesting, eval, dynamic loading, or hidden payload execution.
  • The CLI's only `spawnSync` call runs `bash start.sh` after `--run` or an interactive confirmation.
  • `start.sh` uses a fixed local agent registry and local prompt file; no network endpoint or exfiltration path was found.
  • `.claude/settings.json` disables automatic project MCP server enablement and includes destructive-command denies.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 33.5 KB of source, external domains: schema.org

Source & flagged code

3 flagged · loading source
template/skills/environment-and-secrets.skill.mdView file
54patternName = stripe_test_secret severity = high line = 54 matchedText = STRIPE_S...xxxx
High
High Secret

Package contains a high-severity secret pattern.

template/skills/environment-and-secrets.skill.mdView on unpkg · L54
54patternName = stripe_test_secret severity = high line = 54 matchedText = STRIPE_S...xxxx
High
Secret Pattern

Stripe test secret key in template/skills/environment-and-secrets.skill.md

template/skills/environment-and-secrets.skill.mdView on unpkg · L54
template/scripts/install-harness.shView file
path = template/scripts/install-harness.sh kind = build_helper sizeBytes = 1666 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

template/scripts/install-harness.shView on unpkg

Findings

2 High2 Medium4 Low
HighHigh Secrettemplate/skills/environment-and-secrets.skill.md
HighSecret Patterntemplate/skills/environment-and-secrets.skill.md
MediumEnvironment Vars
MediumShips Build Helpertemplate/scripts/install-harness.sh
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings