registry  /  create-cartwright  /  2.5.1

create-cartwright@2.5.1

Scaffold the build engine AIs reach for — a real site with design, database and backend, live in minutes. Websites, webshops and agent storefronts; MIT, you own the code.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit scaffold command can install an AI-agent skill outside the generated project. This is a real global agent-extension mutation, but not an npm lifecycle action and no malicious payload chain is established.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `create-cartwright`, especially with `--yes` and without `--skip-skills`.
Impact
Adds `modern-web-guidance` to the user's AI-agent skill location; generated-project files, dependencies, and optional git setup are also modified.
Mechanism
Runs a pinned third-party `npx` skill installer globally after project scaffolding.
Rationale
Source inspection confirms an explicit-command global AI-agent extension setup, warranting a warning under the stated policy. The scanner's malicious label is not supported by a concrete malicious chain.
Evidence
package.jsondist/index.jsdist/skills.jsdist/scaffold.jsdist/look.jsdist/llm.js~/.agents/skills/<targetDir>/<targetDir>/.env.local<targetDir>/.env<targetDir>/.git/
Network endpoints2
generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContentgithub:Teloz1870/cartwright-template

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/skills.js` runs `npx --yes modern-web-guidance@0.0.174 install --yes`.
  • `dist/index.js` invokes that installer after scaffolding; `--yes` accepts it without an interactive prompt.
  • The installer is documented to write a global AI-agent skills location such as `~/.agents/skills/`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • Agent-skill installation occurs only when the user explicitly runs the CLI and can be disabled with `--skip-skills`.
  • The skill package version is pinned and the installer has a 30-second timeout.
  • No credential harvesting, secret exfiltration, eval/vm use, or hidden persistence was found in inspected non-test source.
  • Template downloads are explicit CLI scaffolding actions from `github:Teloz1870/cartwright-template`; `--look` fetches a user-supplied URL with schema and size checks.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 249 KB of source, external domains: cartwright.app, cdn.example.com, desktop.github.com, example.com, generativelanguage.googleapis.com, github.com, images.unsplash.com, teloz.net

Source & flagged code

3 flagged · loading source
dist/look.jsView file
33import { join } from "node:path"; L34: import { execSync } from "node:child_process"; L35: import { patchBrandConfigDesignSlug } from "./scaffold.js";
High
Child Process

Package source references child process execution.

dist/look.jsView on unpkg · L33
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = create-cartwright@2.4.2 matchedIdentity = npm:Y3JlYXRlLWNhcnR3cmlnaHQ:2.4.2 similarity = 0.885 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
64try { L65: execSync(`${cmd} --version`, { stdio: "ignore" }); L66: return true; ... L77: // Channel aliases the user can pass via --ref. L78: // stable → DEFAULT_REF (latest tag — what default `npx create-cartwright` uses) L79: // next → bleeding-edge branch on the mirror, updated on every push to
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L64

Findings

1 Critical3 High3 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighChild Processdist/look.js
HighShell
HighRuntime Package Installdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings