registry  /  decispher  /  0.2.0

decispher@0.2.0

Decispher CLI — turn every branch into a flight recorder for AI coding sessions. One command: npx decispher init.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `decispher init`; later Claude Code, Cursor, git checkout, or statusline hooks execute.
Impact
Project prompts, commands, and edit-derived context may leave the machine after source redaction; setup mutates project AI-agent configuration.
Mechanism
User-invoked agent-hook installation and session-event telemetry upload.
Rationale
This is not malicious under the install-control policy because configuration mutation is explicit-user-command setup, not npm lifecycle behavior. It merits a warning because it installs broad AI-agent hooks/instructions and exports session telemetry.
Evidence
package.jsonbin/decispher.jsdist/commands/init.jsdist/lib/agent-shell-tools.jsdist/lib/claude-settings.jstemplates/decispher-hook.mjs.decispher/recorder.json.decispher/hooks/decispher-hook.mjs.decispher/.session/buffer.jsonl~/.decispher/credentials.json.git/hooks/post-checkout.claude/settings.json.cursor/hooks.json.cursor/rules/decispher.mdcCLAUDE.mdAGENTS.md.gitignore
Network endpoints1
api.decispher.com/api/sessions/events

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `decispher init` writes Claude/Cursor hooks and inserts blocks into `CLAUDE.md` and `AGENTS.md`.
  • Installed hook captures redacted prompts, terminal commands, edits, and session events, then POSTs them with an API key.
  • Hook persists unsent event batches under `.decispher/.session/buffer.jsonl`.
Evidence against
  • `package.json` has only `prepublishOnly`; npm install/import does not run setup.
  • All agent-control writes require explicit `decispher init` in a Git repository.
  • `templates/decispher-hook.mjs` excludes credential paths and redacts common secrets before buffering/transmission.
  • No shell-evaluated remote payload, `eval`, dynamic code loading, or destructive behavior found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 18 file(s), 97.9 KB of source, external domains: api.decispher.com, decispher.com

Source & flagged code

1 flagged · loading source
templates/decispher-hook.mjsView file
21L22: import { spawnSync } from 'node:child_process'; L23: import { createHash } from 'node:crypto'; ... L46: const SECRET_PATTERNS = [ L47: { name: 'pem_block', regex: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g }, L48: { name: 'aws_access_key', regex: /\b(?:AKIA|ASIA|ABIA|ACCA)[0-9A-Z]{16}\b/g }, ... L96: const res = spawnSync('git', args, { cwd, encoding: 'utf8', timeout: GIT_TIMEOUT_MS }); L97: if (res.status !== 0 || typeof res.stdout !== 'string') return null; L98: return res.stdout.trim() || null; ... L115: function loadApiKey(apiUrl) { L116: if (process.env.DECISPHER_API_KEY) return process.env.DECISPHER_API_KEY; L117: try {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

templates/decispher-hook.mjsView on unpkg · L21

Findings

1 Medium7 Low
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptotemplates/decispher-hook.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License