AI Security Review
scanned 2h ago · by lpm-firewall-aiThe explicit --example URL path constructs a git clone command through execSync using unquoted user input. This creates a command-injection risk for users passing attacker-controlled example strings; no install-time attack was found.
Static reason
One or more suspicious static signals were detected.
Trigger
User invokes create-theokit with --example=<attacker-controlled URL>.
Impact
Arbitrary commands may execute with the invoking user's privileges.
Mechanism
Shell command injection via interpolated git clone command.
Rationale
No concrete malicious install-time behavior is present, but an explicit CLI option exposes a material remote-code-execution vulnerability through shell interpolation. This warrants a warning rather than a publication block.
Evidence
package.jsondist/cli.jstemplates/default/dot-claude/settings.json
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
- dist/cli.js uses execSync with interpolated --example URL in git clone.
- A crafted --example value can reach a shell command without quoting.
- dist/cli.js runs package-manager install after explicit CLI scaffolding.
Evidence against
- package.json has no preinstall, install, postinstall, or prepare hook.
- CLI behavior requires explicit create-theokit invocation.
- No credential harvesting, exfiltration endpoint, or hidden payload found.
- Generated .claude/settings.json denies .env reads and destructive shell patterns.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
Source & flagged code
2 flagged · loading sourcedist/cli.jsView file
3// src/cli.ts
L4: import { execSync } from "child_process";
L5: import {
High
829try {
L830: execSync(`npx --yes degit usetheodev/theokit-examples/${example} ${targetDir}`, {
L831: stdio: "inherit"
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L829Findings
3 High1 Medium3 Low
HighChild Processdist/cli.js
HighShell
HighRuntime Package Installdist/cli.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings