AI Security Review
scanned 8h ago · by lpm-firewall-ai
No confirmed malicious attack surface was found. The package is a create-* scaffold CLI that generates Zenith CMS project files and documentation under a user-selected directory.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the create-zenithcms-app bin command.
Impact
Creates application boilerplate, docs, docker-compose.yml, .env, and tests in the target project directory; no install-time execution or exfiltration observed.
Mechanism
Project scaffolding via fs.mkdirSync and fs.writeFileSync
Rationale
The scanner's secret and environment-variable findings are explained by generated documentation/example placeholders and scaffolded app configuration, not package-level credential theft or network behavior. With no lifecycle hook, exfiltration, persistence, or agent control-surface mutation, this should be marked clean.
Evidence
- package.json
- dist/index.js
- <target>/package.json
- <target>/src/server.ts
- <target>/src/collections/Users.ts
- <target>/src/zenith.config.ts
- <target>/tsconfig.json
- <target>/.env
- <target>/.gitignore
- <target>/tests/config.test.ts
- <target>/docker-compose.yml
- <target>/README.md
- <target>/docs/API.md
- <target>/docs/ARCHITECTURE.md
- <target>/docs/FEATURES.md
- <target>/docs/DEPLOYMENT.md
- <target>/docs/PLUGINS.md
Decision evidence
public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/index.js contains example placeholder secrets in generated plugin documentation, including AWS example keys and API key placeholders.
- dist/index.js user-invoked CLI writes a scaffolded project tree and .env with random local JWT/cookie secrets.
Evidence against
- package.json has no npm lifecycle hooks; only a bin entry for ./dist/index.js.
- dist/index.js has no child_process, eval, dynamic code loading, native binary loading, or network request execution found by source search.
- Environment variable references are emitted into generated app/docs, not harvested from the invoking user's environment by this package.
- Writes are limited to the requested target project path after a direct CLI invocation.
- No AI-agent control-surface files such as .mcp.json, CLAUDE.md, Codex/Cursor settings, or home-directory agent config are written.
- No exfiltration endpoint or credential upload behavior is present in inspected source.
Behavioral surface
- Crypto
- EnvironmentVars
- Filesystem
- HighEntropyStrings
- UrlStrings
- NoLicense
Source & flagged code
9 flagged · dist/index.js
- line = 628; patternName = aws_access_key; severity = critical; matchedText = AWS_ACCE...MPLE
- line = 628; patternName = aws_access_key; severity = critical; matchedText = AWS_ACCE...MPLE
- line = 629; patternName = aws_secret_key; severity = critical; matchedText = AWS_SECR...EKEY
- line = 847; patternName = stripe_live_secret; severity = critical; matchedText = STRIPE_S...xxxx
- line = 1343; patternName = aws_access_key; severity = critical; matchedText = AWS_ACCE...MPLE
- line = 1344; patternName = aws_secret_key; severity = critical; matchedText = AWS_SECR...EKEY
- line = 1562; patternName = stripe_live_secret; severity = critical; matchedText = STRIPE_S...xxxx
- line = 848; patternName = stripe_webhook_secret; severity = high; matchedText = STRIPE_W...xxxx
- line = 1563; patternName = stripe_webhook_secret; severity = high; matchedText = STRIPE_W...xxxx
Findings
7 Critical · 2 High · 1 Medium · 5 Low
- Critical: Critical Secret (dist/index.js)
- Critical: Secret Pattern (dist/index.js)
- Critical: Secret Pattern (dist/index.js)
- Critical: Secret Pattern (dist/index.js)
- Critical: Secret Pattern (dist/index.js)
- Critical: Secret Pattern (dist/index.js)
- Critical: Secret Pattern (dist/index.js)
- High: Secret Pattern (dist/index.js)
- High: Secret Pattern (dist/index.js)
- Medium: Environment Vars
- Low: Scripts Present
- Low: Filesystem
- Low: High Entropy Strings
- Low: Url Strings
- Low: No License