registry  /  darwinian  /  0.7.0

darwinian@0.7.0

Local Darwinian Minds CLI for managing AI agent skills, MCP servers, extensions, defaults, and project overlays.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `drwn extensions setup beads` without `--dry-run`.
Impact
The invoked Beads tool may configure selected Codex, Claude, or Cursor integration targets; this package itself writes `.agents/drwn/config.json`.
Mechanism
Explicit external extension setup and project config mutation.
Rationale
No concrete malicious chain, install-time mutation, credential harvesting, or hidden exfiltration was found. The explicit AI-agent extension setup remains a meaningful capability risk under the firewall policy.
Evidence
package.jsoncli/index.tscli/commands/extensions/setup.tscli/core/extensions/beads.tscli/core/extensions/commands.tscli/core/project-writes.tscli/core/mind-store/client.ts<project>/.agents/drwn/config.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `cli/commands/extensions/setup.ts` explicitly runs Beads setup.
  • `cli/core/extensions/beads.ts` targets `codex`, `claude`, and `cursor`.
  • `cli/core/extensions/commands.ts` executes external commands via `Bun.spawn`.
  • `cli/core/project-writes.ts` writes project `.agents/drwn/config.json`.
Evidence against
  • `package.json` has no preinstall/install/postinstall/prepare hooks.
  • `cli/index.ts` only registers commands; no automatic setup path found.
  • Extension mutation requires explicit `drwn extensions setup` invocation.
  • Network clients are command-driven auth/worker functionality, not import-time exfiltration.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 263 file(s), 1.00 MB of source, external domains: 127.0.0.1, api.darwiniantools.com, astral.sh, auth.darwiniantools.com, docs.astral.sh, docs.parallel.ai, example.com, gastownhall.github.io, github.com, gitlab.com, minds.darwiniantools.com, parallel.ai, pypi.org, raw.githubusercontent.com, studio.darwiniantools.com

Source & flagged code

1 flagged · loading source
skills/shared/systematic-debugging/find-polluter.shView file
path = skills/shared/systematic-debugging/find-polluter.sh kind = build_helper sizeBytes = 1528 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/shared/systematic-debugging/find-polluter.shView on unpkg

Findings

4 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/shared/systematic-debugging/find-polluter.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings