AI Security Review
scanned 2h ago · by lpm-firewall-aiThe user-invoked CLI can execute arbitrary shell syntax through a crafted `--example` URL because it builds a shell command with unsanitized interpolation. It also creates a first-party `.claude/settings.json` in a newly scaffolded project.
Decision evidence
public snapshot- `dist/cli.js` interpolates user-controlled `--example` URLs into `execSync("git clone ...")`, enabling shell injection.
- `dist/cli.js` scaffolds `templates/default/dot-claude` into the generated project's `.claude` directory.
- Generated `.claude/settings.json` pre-allows several `Bash(...)` command patterns.
- `package.json` has no preinstall, install, or postinstall hook.
- CLI actions occur only when the user runs `create-theokit`; no import-time execution was found.
- No package credential harvesting, data exfiltration, remote payload download, or hidden binary was found.
- The generated Claude settings deny `.env` reads and destructive privileged shell patterns.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L827