AI Security Review
scanned 8h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a create-app style CLI that writes a Zenith CMS starter project when explicitly invoked.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the create-zenithcms-app bin CLI.
Impact
Creates a CMS starter app and documentation in the requested target directory.
Mechanism
project scaffolding with local file generation
Rationale
Static inspection shows user-invoked scaffolding behavior with no install-time execution, exfiltration, persistence, destructive actions, or foreign AI-agent surface mutation. Scanner secret/env hits are generated sample docs and local random scaffold secrets, so they are noisy rather than malicious.
Evidence
package.jsondist/index.jsLICENSE<target>/package.json<target>/src/server.ts<target>/src/collections/Users.ts<target>/src/zenith.config.ts<target>/tsconfig.json<target>/.env<target>/.gitignore<target>/tests/config.test.ts<target>/docker-compose.yml<target>/README.md<target>/docs/API.md<target>/docs/ARCHITECTURE.md<target>/docs/FEATURES.md<target>/docs/DEPLOYMENT.md<target>/docs/PLUGINS.md
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks; only a bin CLI points to dist/index.js.
- dist/index.js runs only as user-invoked create CLI and scaffolds a new project directory.
- File writes are package-aligned scaffold outputs under projectPath: package.json, src files, .env, docs, tests, docker-compose.yml.
- Generated .env secrets are fresh local random values from crypto.randomBytes, not embedded real credentials or harvested data.
- No child_process, eval, dynamic import/require, native/binary loading, destructive deletion, persistence, or AI-agent control-surface writes found.
- Network URLs/endpoints appear in generated documentation or local scaffold config, not as package runtime exfiltration code.
Behavioral surface
CryptoEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
5 flagged · loading sourcedist/index.jsView file
628patternName = aws_access_key
severity = critical
line = 628
matchedText = AWS_ACCE...MPLE
Critical
628patternName = aws_access_key
severity = critical
line = 628
matchedText = AWS_ACCE...MPLE
Critical
629patternName = aws_secret_key
severity = critical
line = 629
matchedText = AWS_SECR...EKEY
Critical
847patternName = stripe_live_secret
severity = critical
line = 847
matchedText = STRIPE_S...xxxx
Critical
848patternName = stripe_webhook_secret
severity = high
line = 848
matchedText = STRIPE_W...xxxx
High
Findings
4 Critical1 High1 Medium5 Low
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
CriticalSecret Patterndist/index.js
CriticalSecret Patterndist/index.js
HighSecret Patterndist/index.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License