AI Security Review
scanned 8h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked OpenKeystone project scaffold that downloads templates from the upstream GitHub repo, writes project files, and installs selected adapter dependencies.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the create-open-keystone-app CLI, e.g. npm init/yarn create/npx.
Impact
Creates and modifies the target project directory; no install-time or covert host mutation found.
Mechanism
CLI scaffolding with GitHub template download and package manager install in generated project
Rationale
The suspicious primitives are aligned with a create-app CLI: user-triggered scaffolding, GitHub template fetches, and dependency installation in the generated project. Source inspection found no lifecycle execution, exfiltration, stealth persistence, foreign control-surface mutation, or remote payload execution beyond fetching declared starter files.
Evidence
package.jsonbin/cli.jslib/github-api.jslib/copy-example-project.jslib/install-project-dependencies.jslib/update-project-dependencies.jslib/util.jslib/replace-keystone-magic-comments.js<projectDir>/<projectDir>/index.js<projectDir>/package.json
Network endpoints2
api.github.com/repos/open-condo-software/open-keystoneraw.githubusercontent.com/open-condo-software/open-keystone
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- bin/cli.js runs only as declared CLI, not via npm lifecycle.
- lib/util.js wraps execa.commandSync for yarn/npm commands in the new project directory.
- lib/github-api.js downloads starter files from open-condo-software/open-keystone on GitHub.
- lib/replace-keystone-magic-comments.js writes generated adapter config into the scaffolded project's index.js.
Evidence against
- package.json defines no preinstall/install/postinstall scripts.
- Network use is limited to GitHub API/raw URLs for the package's OpenKeystone starter templates.
- Runtime package installs are expected create-app behavior after user invokes the CLI.
- No credential harvesting, exfiltration endpoints, obfuscated payloads, eval/vm, persistence, or AI-agent control-surface writes found.
- Shell commands use fixed yarn/npm install/remove commands with package-owned adapter dependency names.
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcelib/update-project-dependencies.jsView file
28if (yarnRemove && yarnRemove.length) {
L29: const result = await exec(`yarn remove ${removeDependencies.join(' ')}`);
L30: if (result.failed) {
High
Child Process
Package source references child process execution.
lib/update-project-dependencies.jsView on unpkg · L2838if (yarnAdd && yarnAdd.length) {
L39: const result = await exec(`yarn add ${dependencies.join(' ')}`);
L40: if (result.failed) {
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
lib/update-project-dependencies.jsView on unpkg · L38lib/util.jsView file
1const execa = require('execa');
L2: const slugify = require('@sindresorhus/slugify');
High
Findings
3 High1 Medium2 Low
HighChild Processlib/update-project-dependencies.js
HighShelllib/util.js
HighRuntime Package Installlib/update-project-dependencies.js
MediumNetwork
LowFilesystem
LowUrl Strings