AI Security Review
scanned 4h ago · by lpm-firewall-aiThe CLI has a shell-injection vulnerability in its optional `--registry` handling. No evidence establishes intentional malware behavior or install-time execution.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `create-erii-bot` with a crafted `--registry` argument.
Impact
Arbitrary shell commands can run with the invoking user's permissions.
Mechanism
Unquoted CLI input concatenated into `execSync`.
Rationale
Source inspection confirms a concrete command-injection flaw, while the remaining behavior aligns with a visible project-scaffolding CLI. Treat it as a warning-level critical vulnerability rather than malware.
Evidence
init.jspackage.jsonREADME.md<projectDir>/package.json
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
- `init.js` passes user-supplied `--registry` text into an unquoted `execSync` shell command.
- A crafted explicit CLI argument can append shell operators and execute arbitrary commands.
- The command runs from the newly created project directory, so injected commands execute in the caller's workspace context.
Evidence against
- `package.json` has no install lifecycle hooks; the code runs only through the declared CLI.
- `init.js` is a small project bootstrapper that writes a local `package.json` then installs its declared Erii dependency.
- No credential harvesting, environment collection, exfiltration, persistence, AI-agent config changes, or hidden payloads were found.
- No package-controlled network endpoint is present in the inspected source.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourceinit.jsView file
1#!/usr/bin/env node
L2: const { execSync } = require('child_process');
L3: const fs = require('fs');
High
45console.log('Installing ' + pkg + '...');
L46: execSync('npm install ' + pkg + registryArg, {cwd: projectDir, stdio: 'inherit'});
L47:
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
init.jsView on unpkg · L45Findings
3 High1 Low
HighChild Processinit.js
HighShell
HighRuntime Package Installinit.js
LowFilesystem