registry  /  create-ai-pdlc-factory  /  1.14.0

create-ai-pdlc-factory@1.14.0

AI-PDLC Factory — generic-by-default, project-specific by emergence. Scaffolds a new project with the AI-PDLC harness root and walks the Builder through envisioning, stack selection, architecture, build, and review.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit scaffold command can configure a project-local Claude Code PostToolUse hook and Git pre-push hook. These are package-owned development-control surfaces, not install-time mutations.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `create-ai-pdlc-factory` with Claude selected or auto-detected, then Claude edits files or Git pushes.
Impact
The created project runs the harness validator after Claude Write/Edit actions and a gate on Git push.
Mechanism
Scaffolds validator hooks and registers project-local AI-agent/Git integration.
Rationale
This package creates AI-agent and Git hooks only through an explicit scaffolding command, so it does not meet the threshold for malicious install-time control-surface hijacking. Its project-local hook setup warrants a warning because it changes agent behavior and executes project validator modules.
Evidence
package.jsondist/commands/init.jsdist/hosts/claude.jsdist/scaffold/files.jsdist/validate/chain.jstemplates/harness/hooks/post-edit-validate.mjstemplates/harness/hooks/pre-push-gate.mjs.claude/settings.jsonCLAUDE.md.claude/skills/lets-begin/SKILL.md.harness/hooks/post-edit-validate.mjs.harness/hooks/pre-push-gate.mjs.harness/hooks/git/pre-push.git/config

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • Explicit scaffold config writes `.claude/settings.json` with a Claude PostToolUse command hook.
  • `runInit` configures `git core.hooksPath` and ships executable pre-push tooling.
  • Project validator modules under `.harness/validators` are dynamically imported during validation.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • All writes occur after the user invokes the scaffold CLI; no import-time execution found.
  • Claude settings invoke the package-owned `.harness/hooks/post-edit-validate.mjs` validator.
  • Child-process use is bounded to git, npm pack, tar, and harness commands; no shell payload or eval found.
  • Unicode-control scan found no Trojan Source controls in `dist/lint/chunk-lint.js`.
  • No credential harvesting, exfiltration, destructive behavior, or hard-coded network endpoint found.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 50 file(s), 356 KB of source, external domains: ai-pdlc-factory.dev, cursor.sh, docs.anthropic.com, docs.openai.com, github.com

Source & flagged code

3 flagged · loading source
dist/validate/chain.jsView file
184try { L185: moduleExports = await import(__rewriteRelativeImportExtension(pathToFileURL(absPath).href)); L186: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/validate/chain.jsView on unpkg · L184
dist/lint/chunk-lint.jsView file
45contains invisible/control Unicode U+FEFF (zero width no-break space) const FRONTMATTER_RE = /^(?:<U+FEFF>)?---\r?\n([\s\S]*?)\r?\n---/;
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/lint/chunk-lint.jsView on unpkg · L45
Trigger-reachable chain: manifest.bin -> dist/harness-cli.js -> dist/commands/lint.js -> dist/lint/chunk-lint.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/lint/chunk-lint.jsView on unpkg

Findings

2 Critical3 Medium4 Low
CriticalTrojan Source Unicodedist/lint/chunk-lint.js
CriticalTrigger Reachable Dangerous Capabilitydist/lint/chunk-lint.js
MediumDynamic Requiredist/validate/chain.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings