AI Security Review
scanned 1h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a create-app CLI that downloads starter files, writes them into a new project directory, edits index.js, and installs selected OpenKeystone dependencies after user invocation.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit execution of bin/cli.js via npm init/yarn create/create-app flow
Impact
Creates and configures a local OpenKeystone starter app; no evidence of exfiltration or unauthorized persistence
Mechanism
GitHub template download plus project scaffolding and package-manager install
Rationale
The suspicious primitives are expected for a project generator: runtime network fetch, project file writes, and package installation are user-invoked and scoped to the generated app. Static inspection found no install-time execution, exfiltration, stealth persistence, destructive behavior, or AI-agent control-surface mutation.
Evidence
package.jsonbin/cli.jslib/github-api.jslib/copy-example-project.jslib/install-project-dependencies.jslib/update-project-dependencies.jslib/replace-keystone-magic-comments.jslib/get-adapter-choice.js<projectDir>/<projectDir>/index.js<projectDir>/package.json
Network endpoints2
api.github.com/repos/open-condo-software/open-keystoneraw.githubusercontent.com/open-condo-software/open-keystone
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
- lib/github-api.js fetches starter templates from GitHub at runtime
- lib/install-project-dependencies.js runs yarn then npm install in the generated project
- lib/update-project-dependencies.js runs yarn/npm add/remove for adapter packages
- lib/replace-keystone-magic-comments.js writes generated adapter config into project index.js
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks
- bin/cli.js only runs after explicit create-app CLI invocation
- Network endpoints are package-aligned open-condo-software/open-keystone GitHub URLs
- Adapter dependencies are fixed @open-keystone packages from lib/get-adapter-choice.js
- No credential harvesting, broad filesystem scanning, AI-agent config mutation, eval/vm, or hidden payloads found
- File writes are scoped to a new empty user-selected project directory
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcelib/update-project-dependencies.jsView file
28if (yarnRemove && yarnRemove.length) {
L29: const result = await exec(`yarn remove ${removeDependencies.join(' ')}`);
L30: if (result.failed) {
High
Child Process
Package source references child process execution.
lib/update-project-dependencies.jsView on unpkg · L2838if (yarnAdd && yarnAdd.length) {
L39: const result = await exec(`yarn add ${dependencies.join(' ')}`);
L40: if (result.failed) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/update-project-dependencies.jsView on unpkg · L38lib/util.jsView file
1const execa = require('execa');
L2: const slugify = require('@sindresorhus/slugify');
High
Findings
3 High1 Medium2 Low
HighChild Processlib/update-project-dependencies.js
HighShelllib/util.js
HighRuntime Package Installlib/update-project-dependencies.js
MediumNetwork
LowFilesystem
LowUrl Strings