AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `create-thally-docs <dir>` or invokes scaffold.
Impact
A generated project receives `AGENTS.md` guidance and template files; this is a policy-relevant agent-config mutation but not a confirmed malicious chain.
Mechanism
User-invoked project scaffolding with generated agent instructions.
Rationale
The package is not malicious by source evidence, but its automatic creation of `AGENTS.md` during an explicit scaffold command fits the firewall's warn-level agent-config mutation policy.
Evidence
package.jsondist/index.jsdist/chunk-KN6QUPKR.jsdist/chunk-QGRDDS5V.jsREADME.mdAGENTS.mddocs.jsonsrc/contentsrc/data/site.ts.env.local
Network endpoints2
codeload.github.com/thallylabs/docs/tar.gz/maingithub.com/<owner>/<repo>.git
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/chunk-KN6QUPKR.js` writes `AGENTS.md` during the scaffold command.
- `dist/chunk-KN6QUPKR.js` downloads and extracts a remote template into the selected project.
- `dist/chunk-QGRDDS5V.js` uses shell `git clone` for the user-invoked migrate command.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- The executable runs only through the declared `create-thally-docs` bin/import entrypoint.
- Network use is command-scoped: GitHub template/repository retrieval and explicit Anthropic translation/conversion.
- No credential harvesting, stealth persistence, eval/Function use, or foreign agent-config writes were found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = create-thally-docs@0.7.0
matchedIdentity = npm:Y3JlYXRlLXRoYWxseS1kb2Nz:0.7.0
similarity = 0.600
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgFindings
1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/index.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings