registry  /  devbureau  /  3.31.0

devbureau@3.31.0

A multi-agent AI framework for building software with professional quality, across Antigravity, Claude Code, Cursor, Codex CLI, OpenCode, GitHub Copilot, Windsurf, Cline, Roo Code, and Zed.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious behavior, but the package is an explicit agent-extension installer that writes project AI-agent config, .agent assets, and git hooks. This is package-aligned and user-invoked rather than npm lifecycle hijacking.

Static reason
No blocking static signals were detected.
Trigger
User runs npx devbureau init/update/uninstall or sync_ide.py.
Impact
Project gains DevBureau agent files, MCP config, generated IDE instructions, and optional git/Claude hooks.
Mechanism
first-party AI-agent kit setup and IDE hook/config generation
Rationale
Static inspection shows a user-invoked DevBureau CLI that installs its own agent kit, MCP config, git hook, and IDE/Claude integration files, with no npm lifecycle execution, exfiltration, or remote payload retrieval. Because it modifies AI-agent control surfaces by explicit setup command, warn rather than block.
Evidence
package.jsonbin/devbureau.js.mcp.json.agent/scripts/install_hooks.py.agent/scripts/sync_ide.py.agent/scripts/hooks/scan_injection.py.agent/.shared/ui-ux-pro-max/scripts/design_system.py.agent/./.mcp.json.devbureau-manifest.json.devbureau-version.git/hooks/pre-commit.git/hooks/pre-commit.py.claude/settings.jsonAGENTS.mdGEMINI.md.claude/CLAUDE.md.cursor/rules.github/copilot-instructions.md.windsurfrules.clinerules.roorules.rules
Network endpoints1
api.githubcopilot.com/mcp/

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • bin/devbureau.js init copies .agent/ and starter .mcp.json into cwd on user command.
  • bin/devbureau.js init runs .agent/scripts/install_hooks.py when .git/ exists.
  • .agent/scripts/install_hooks.py writes .git/hooks/pre-commit and pre-commit.py.
  • .agent/scripts/sync_ide.py can write AI IDE config files and merge .claude/settings.json hooks.
Evidence against
  • package.json has no npm preinstall/install/postinstall lifecycle hooks.
  • Agent/config mutation is activated by explicit devbureau CLI commands, not install-time execution.
  • .mcp.json contains GitHub MCP URL only and no token or secret.
  • No credential harvesting or exfiltration code found in inspected hot paths.
  • Uninstall removes generated files by manifest and avoids touching .mcp.json/.claude/settings.json automatically.
Behavioral surface
Source
ChildProcessCryptoFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 20.7 KB of source

Source & flagged code

2 flagged · loading source
.agent/.shared/ui-ux-pro-max/scripts/design_system.pyView file
path = .agent/.shared/ui-ux-pro-max/scripts/design_system.py kind = payload_in_excluded_dir sizeBytes = 44681 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

.agent/.shared/ui-ux-pro-max/scripts/design_system.pyView on unpkg
path = .agent/.shared/ui-ux-pro-max/scripts/design_system.py kind = build_helper sizeBytes = 44681 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

.agent/.shared/ui-ux-pro-max/scripts/design_system.pyView on unpkg

Findings

1 High2 Medium3 Low
HighPayload In Excluded Dir.agent/.shared/ui-ux-pro-max/scripts/design_system.py
MediumShips Build Helper.agent/.shared/ui-ux-pro-max/scripts/design_system.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings