registry  /  create-erii-bot  /  1.3.16

create-erii-bot@1.3.16

Bootstrap an Erii project — one command to get started

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The CLI has a shell-injection vulnerability in its optional `--registry` handling. No evidence establishes intentional malware behavior or install-time execution.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `create-erii-bot` with a crafted `--registry` argument.
Impact
Arbitrary shell commands can run with the invoking user's permissions.
Mechanism
Unquoted CLI input concatenated into `execSync`.
Rationale
Source inspection confirms a concrete command-injection flaw, while the remaining behavior aligns with a visible project-scaffolding CLI. Treat it as a warning-level critical vulnerability rather than malware.
Evidence
init.jspackage.jsonREADME.md<projectDir>/package.json

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `init.js` passes user-supplied `--registry` text into an unquoted `execSync` shell command.
  • A crafted explicit CLI argument can append shell operators and execute arbitrary commands.
  • The command runs from the newly created project directory, so injected commands execute in the caller's workspace context.
Evidence against
  • `package.json` has no install lifecycle hooks; the code runs only through the declared CLI.
  • `init.js` is a small project bootstrapper that writes a local `package.json` then installs its declared Erii dependency.
  • No credential harvesting, environment collection, exfiltration, persistence, AI-agent config changes, or hidden payloads were found.
  • No package-controlled network endpoint is present in the inspected source.
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.63 KB of source

Source & flagged code

2 flagged · loading source
init.jsView file
1#!/usr/bin/env node L2: const { execSync } = require('child_process'); L3: const fs = require('fs');
High
Child Process

Package source references child process execution.

init.jsView on unpkg · L1
45console.log('Installing ' + pkg + '...'); L46: execSync('npm install ' + pkg + registryArg, {cwd: projectDir, stdio: 'inherit'}); L47:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

init.jsView on unpkg · L45

Findings

3 High1 Low
HighChild Processinit.js
HighShell
HighRuntime Package Installinit.js
LowFilesystem