registry  /  create-zudo-doc  /  3.3.0

create-zudo-doc@3.3.0

Create a new zudo-doc documentation site

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User selects the `skillSymlinker` feature and runs a generated `setup:doc-skill*` command.
Impact
A project-controlled documentation skill can become discoverable by Claude Code or Codex through user-home skill directories.
Mechanism
Explicit global AI-agent skill symlink setup.
Rationale
The package is not malicious by source evidence, but it ships an opt-in explicit command that changes global AI-agent skill discovery. Per policy, that capability warrants a warn rather than a block.
Evidence
package.jsondist/constants.jsdist/scaffold.jstemplates/base/scripts/setup-doc-skill.shdist/utils.js~/.claude/skills/${SKILL_NAME}~/.codex/skills/${SKILL_NAME}

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `templates/base/scripts/setup-doc-skill.sh` creates global Claude/Codex skill symlinks under user home.
  • `dist/scaffold.js` exposes the symlinker as generated `setup:doc-skill` commands.
  • The symlinker can replace existing skill paths before linking project documentation.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • `skillSymlinker` is default-false in `dist/constants.js` and only copied when selected.
  • The agent-path mutation requires an explicit command in the generated project.
  • `dist/utils.js` child-process usage is limited to requested dependency installation and git initialization.
  • No credential harvesting, external exfiltration, encoded payload, or remote payload loading was found.
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 36 file(s), 159 KB of source, external domains: github.com, ollama.com, zudo-doc.takazudomodular.com

Source & flagged code

1 flagged · loading source
templates/features/tauriDev/files/src-tauri-dev/test-launch.shView file
path = [redacted]-tauri-dev/test-launch.sh kind = build_helper sizeBytes = 2259 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

templates/features/tauriDev/files/src-tauri-dev/test-launch.shView on unpkg

Findings

3 Medium5 Low
MediumNetwork
MediumShips Build Helpertemplates/features/tauriDev/files/src-tauri-dev/test-launch.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings