registry  /  create-gkframe  /  0.11.0

create-gkframe@0.11.0

Instalador CLI do GK Framework — cria a pasta .gkframe/ completa em qualquer projeto, de forma não-destrutiva.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time execution or network exfiltration is established. Running the CLI scaffolds `.gkframe` and `CLAUDE.md`; explicit Claude setup adds local Claude and Git hook wiring.

Static reason
No blocking static signals were detected.
Trigger
User runs `create-gkframe`; Claude/Git integration requires `--claude` or an affirmative prompt.
Impact
A user-approved setup can cause Claude Stop events and Git commits to run shipped local framework scripts; the Stop hook writes `.gkframe/project/.gk-metrics.jsonl`.
Mechanism
Project-local AI-agent instruction and hook scaffolding.
Rationale
No concrete malicious chain is present, but explicit user-command setup mutates AI-agent and Git control surfaces and establishes local hook execution. Per policy, this is a warn-level first-party agent-extension lifecycle risk rather than a block.
Evidence
package.jsonindex.jstemplate/.gkframe/12-automation/hooks/on-stop.jstemplate/.gkframe/12-automation/hooks/pre-commit.jstemplate/.gkframe/12-automation/checks/gk-verify.jstemplate/.gkframe/project/PROFILE.jsontemplate-claude/agents/gk-security-auditor.mdtemplate-cursor/rules/gk-framework.mdc

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `index.js` always creates/appends `CLAUDE.md` when its CLI is run.
  • `index.js` opt-in `--claude` writes `.claude/settings.json` Stop hook and `.git/hooks/pre-commit`.
  • `template/.gkframe/12-automation/hooks/on-stop.js` runs local git status and appends project metrics.
  • `template/.gkframe/12-automation/checks/gk-verify.js` can load project-local `.gkframe/project/invariants.js` when manually executed.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle scripts.
  • `index.js` is a user-invoked CLI with interactive confirmation before fresh writes.
  • Claude, Cursor, and CI integrations require explicit flags or prompt confirmation.
  • Inspected hooks/tools use local filesystem/git only; no network clients or exfiltration endpoints found.
  • All shipped artifacts inspected are text scripts/templates; no archive or native payload found.
  • Default `PROFILE.json` has no path-triggered commands or validation hooks.
Behavioral surface
Source
Filesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 21.9 KB of source

Source & flagged code

2 flagged · loading source
template/.gkframe/tests/test_validate_framework.pyView file
path = template/.gkframe/tests/test_validate_framework.py kind = payload_in_excluded_dir sizeBytes = 1310 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

template/.gkframe/tests/test_validate_framework.pyView on unpkg
path = template/.gkframe/tests/test_validate_framework.py kind = build_helper sizeBytes = 1310 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

template/.gkframe/tests/test_validate_framework.pyView on unpkg

Findings

1 High2 Medium3 Low
HighPayload In Excluded Dirtemplate/.gkframe/tests/test_validate_framework.py
MediumShips Build Helpertemplate/.gkframe/tests/test_validate_framework.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings