AI Security Review
scanned 1h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The real risk is explicit user-command scaffolding of Cursor rules into the new project, plus normal template file writes and optional git initialization.
Static reason
One or more suspicious static signals were detected.
Trigger
Running the create-dp-vue3 bin and completing prompts
Impact
Generated project receives Vue template files, .env demo API config, .cursor rules, and optionally a git repository.
Mechanism
Vue project scaffolder copying bundled template files
Rationale
Static inspection shows a normal interactive Vue scaffold with no install-time execution or malicious data flow, but it does copy always-apply Cursor rule files into generated projects on explicit CLI use. Under the provided policy this is warn-level agent extension lifecycle risk, not a publish-blocking malicious package.
Evidence
- package.json
- index.js
- src/index.js
- src/render.js
- src/prompts.js
- template/.env.production
- template/src/lib/http/client.ts
- template/.cursor/rules/dp-dev-workflow.mdc
- <targetDir>/**
- <targetDir>/src/router
- <targetDir>/src/views/user
- <targetDir>/src/views/error
- <targetDir>/src/components/layout
- <targetDir>/src/features/user
- <targetDir>/.cursor/rules/*.mdc
- <targetDir>/.git
Network endpoints: 1
jsonplaceholder.typicode.com
Decision evidence
public snapshot
AI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- User-invoked CLI copies template/.cursor/rules/*.mdc into generated projects via src/render.js copyDir.
- template/.cursor/rules/dp-dev-workflow.mdc has alwaysApply:true and instructs workflow/document edits.
- src/render.js can run execSync('git init') when user confirms initGit.
- template/.env* sets VITE_API_BASE_URL=https://jsonplaceholder.typicode.com.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Entrypoint index.js only imports src/index.js for interactive scaffolding.
- No credential harvesting, exfiltration, remote payload loading, eval/vm/Function, or native binary loading found.
- Network use is template app axios to jsonplaceholder via VITE_API_BASE_URL, not reviewer/package exfiltration.
- Scanner secret hit in template/.env.production is a public demo API URL, not a secret.
Behavioral surface
ChildProcess, Filesystem, Network, Shell
No License
Source & flagged code
1 flagged · template/.env.production
patternName = blocked_file
severity = critical
matchedText = template/.env.production
redactedSecretContext =
secretLikeLines = 0
notes = no secret-like key/value lines found in sampled text
Critical
Critical Secret
Package contains a critical-looking secret pattern.
template/.env.production
Findings
1 Critical · 1 Medium · 3 Low
- Critical: Critical Secret (template/.env.production)
- Medium: Network
- Low: Scripts Present
- Low: Filesystem
- Low: No License