registry  /  dreamcontext  /  0.10.2

dreamcontext@0.10.2

dreamcontext — the persistent brain for your AI agents. Remembers what you built, knows how your project works.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by source inspection. Risky primitives are tied to an explicit CLI for installing AI-agent skills, local dashboard use, task sync, feedback filing, or desktop app installation.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs dreamcontext CLI commands or explicitly executes install.sh.
Impact
Creates/updates dreamcontext project files and optional agent instructions; no unconsented install-time execution, harvesting, or exfiltration found.
Mechanism
User-invoked project scaffold, local dashboard, and optional integrations.
Rationale
The package contains a large CLI that intentionally manages AI-agent context files and optional remote integrations, but those behaviors are explicit user-invoked features rather than install-time or import-time compromise. Scanner findings map to bundled dependencies/assets, public Excalidraw config, local helper scripts, and documented network integrations without evidence of credential harvesting or covert exfiltration.
Evidence
package.jsoninstall.shdist/index.jsdist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.jsskill-packs/excalidraw/examples/style_board.jsskill-packs/video-watching/scripts/transcribe.sh

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/index.js can write project AI-agent integration files under .claude, .agents, .codex and root CLAUDE.md/AGENTS.md when setup/install commands are run.
  • dist/index.js includes user-invoked network integrations for GitHub, ClickUp, desktop app releases, and local dashboard APIs.
  • install.sh installs dreamcontext@latest globally and may run dreamcontext setup when explicitly piped/executed.
Evidence against
  • package.json has no install/preinstall/postinstall hook; only prepublishOnly build runs for publisher workflow.
  • package.json bin points to dist/index.js CLI; no import-time exfiltration or lifecycle execution found.
  • dist/index.js stores GitHub/ClickUp tokens only via explicit config commands into _dream_context/state/.secrets.json after adding gitignore and mode 0600.
  • dist/index.js dashboard binds to 127.0.0.1 by default and blocks cross-site writes; network features are user-invoked/product-aligned.
  • dist/dashboard secret hit is Excalidraw bundled public Firebase config/public key, not credential theft evidence.
  • skill-packs and agents are documentation/skill content; dynamic require in excalidraw examples loads local vendored helpers.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 135 file(s), 8.11 MB of source, external domains: app.excalidraw.com, chevrotain.io, cli.github.com, discord.gg, docs.excalidraw.com, en.wikipedia.org, esm.sh, excalidraw-room-persistence.firebaseio.com, github.com, jcgt.org, jquery.org, json.excalidraw.com, langium.org, libraries.excalidraw.com, mermaid.js.org, oss-ai.excalidraw.com, oss-collab.excalidraw.com, player.vimeo.com, plus.excalidraw.com, react.dev, tldrlegal.com, twitter.com, us-central1-excalidraw-room-persistence.cloudfunctions.net, www.figma.com, www.shadertoy.com, www.w3.org, www.youtube.com, x.com, youtube.com
Oversized source lightweight scan
dist/dashboard/assets/index-CwZ3YweD.js2.00 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsMinifiedUrlStringsreact.dev
dist/index.js2.73 MB file, sampled 256 KB
FilesystemChildProcessShellHighEntropyStringsUrlStringscli.github.comgithub.com

Source & flagged code

10 flagged · loading source
dist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.jsView file
22patternName = aws_access_key severity = critical line = 22 matchedText = `,X.push...;/**
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.jsView on unpkg · L22
22patternName = aws_access_key severity = critical line = 22 matchedText = `,X.push...;/**
Critical
Secret Pattern

AWS access key ID in dist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.js

dist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.jsView on unpkg · L22
dist/skill-packs/excalidraw/examples/style_board.jsView file
2// Shows card/connector/sectionTitle + the dimension-aware lane() (captions hug images, .nextY stacks). L3: const path = require('path'); L4: const { buildExcalidraw, lane } = require(path.join(__dirname, '..', 'scripts', 'build_excalidraw.js'));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/skill-packs/excalidraw/examples/style_board.jsView on unpkg · L2
dist/skill-packs/excalidraw/scripts/build_excalidraw.jsView file
8// - `%% ## Drawing ```json <scene> ``` %%` (uncompressed JSON; plugin reads it fine) L9: // Images need NO base64 — the fileId (sha1 of the file) + the Embedded Files wikilink is enough. L10: // ... L246: version: 2, L247: source: 'https://github.com/zsviczian/obsidian-excalidraw-plugin', L248: elements,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/skill-packs/excalidraw/scripts/build_excalidraw.jsView on unpkg · L8
dist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.jsView file
108contains invisible/control Unicode U+202A (left-to-right embedding) */var Qg;function IF(){if(Qg)return vh;Qg=1;var e=S5(),t=MF();function n(d,l){return d===l&&(d!==0||1/d===1/l)||d!==d&&l!==l}var a=typeof Object.is=="function"?Object.is:n,i=t.useSyncExternalStore,r=e.useRef,s=e.useEffect,o=e.useMemo,c=e.u
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.jsView on unpkg · L108
2patternName = google_api_key severity = high line = 2 matchedText = import{a...AZZX
High
Secret Pattern

Google API key in dist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.js

dist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.jsView on unpkg · L2
dist/skill-packs/video-watching/scripts/transcribe.shView file
path = dist/skill-packs/video-watching/scripts/transcribe.sh kind = build_helper sizeBytes = 12857 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/skill-packs/video-watching/scripts/transcribe.shView on unpkg
dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2View file
path = dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2 kind = high_entropy_blob sizeBytes = 20380 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2View on unpkg
dist/index.jsView file
path = dist/index.js kind = oversized_source_file sizeBytes = 2866380 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.jsView on unpkg
path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 2866380 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.jsView on unpkg

Findings

3 Critical3 High6 Medium8 Low
CriticalCritical Secretdist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.js
CriticalTrojan Source Unicodedist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.js
CriticalSecret Patterndist/dashboard/assets/subset-shared.chunk-Hm_CkSQB.js
HighShips High Entropy Blobdist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2
HighOversized Source Filedist/index.js
HighSecret Patterndist/dashboard/assets/percentages-BXMCSKIN-4Hgy5SgQ.js
MediumDynamic Requiredist/skill-packs/excalidraw/examples/style_board.js
MediumNetwork
MediumProtestware
MediumShips Build Helperdist/skill-packs/video-watching/scripts/transcribe.sh
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowWeak Cryptodist/skill-packs/excalidraw/scripts/build_excalidraw.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings