registry  /  dreamcontext  /  0.11.0

dreamcontext@0.11.0

dreamcontext — the persistent brain for your AI agents. Remembers what you built, knows how your project works.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package does provide explicit user-command setup that writes first-party AI agent skills, agents, and hooks into Claude/Codex config surfaces.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs install.sh, dreamcontext setup, install-skill, install-instructions, or config commands
Impact
Warn-level lifecycle/control-surface risk if user enables hooks; no unconsented npm install mutation found
Mechanism
First-party agent extension setup and project memory/task CLI
Rationale
Source inspection supports a warning for explicit first-party AI-agent extension lifecycle setup, not a malicious block. Scanner hits for child_process, secrets, network, and blobs map mostly to bundled dependencies, local token management, dashboard assets, or package-aligned integrations.
Evidence
package.jsoninstall.shdist/index.jsdist/templates/AGENTS.mddist/templates/CLAUDE.mdskill/SKILL.md.claude/settings.json.codex/config.toml.claude/skills/*.agents/skills/*.claude/agents/*.codex/agents/*AGENTS.mdCLAUDE.md_dream_context/state/.config.json_dream_context/state/.secrets.json
Network endpoints4
api.github.comapi.clickup.com/api/v2graph.facebook.comapi.github.com/repos/${repo}/releases/latest

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js installs Claude/Codex hooks via explicit install/setup commands
  • dist/index.js writes .claude/settings.json and .codex/config.toml hook entries
  • dist/index.js installs package-owned skills/agents under .claude, .agents, and .codex
  • install.sh is user-invoked but runs npm install -g dreamcontext@latest then dreamcontext setup
Evidence against
  • package.json has no preinstall/install/postinstall; only prepublishOnly build
  • Agent control-surface writes are under explicit CLI commands, not automatic npm install
  • Remote APIs are package-aligned: GitHub, ClickUp, Meta, GitHub releases
  • ClickUp/GitHub tokens are stored locally in _dream_context/state/.secrets.json and masked in output
  • No source evidence of credential exfiltration, remote payload execution, destructive install behavior, or persistence outside declared hooks
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 136 file(s), 8.12 MB of source, external domains: app.excalidraw.com, chevrotain.io, cli.github.com, discord.gg, docs.excalidraw.com, en.wikipedia.org, esm.sh, excalidraw-room-persistence.firebaseio.com, github.com, jcgt.org, jquery.org, json.excalidraw.com, langium.org, libraries.excalidraw.com, mermaid.js.org, oss-ai.excalidraw.com, oss-collab.excalidraw.com, player.vimeo.com, plus.excalidraw.com, react.dev, tldrlegal.com, twitter.com, us-central1-excalidraw-room-persistence.cloudfunctions.net, www.figma.com, www.npmjs.com, www.shadertoy.com, www.w3.org, www.youtube.com, x.com, youtube.com
Oversized source lightweight scan
dist/dashboard/assets/index-DKts-kEI.js2.04 MB file, sampled 256 KB
NetworkHighEntropyStringsMinifiedUrlStringsgithub.comreact.devwww.npmjs.com
dist/index.js2.97 MB file, sampled 256 KB
FilesystemChildProcessShellHighEntropyStringsUrlStringscli.github.comgithub.com

Source & flagged code

11 flagged · loading source
dist/dashboard/assets/subset-shared.chunk-B4Hz462f.jsView file
22patternName = aws_access_key severity = critical line = 22 matchedText = `,X.push...;/**
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/dashboard/assets/subset-shared.chunk-B4Hz462f.jsView on unpkg · L22
22patternName = aws_access_key severity = critical line = 22 matchedText = `,X.push...;/**
Critical
Secret Pattern

AWS access key ID in dist/dashboard/assets/subset-shared.chunk-B4Hz462f.js

dist/dashboard/assets/subset-shared.chunk-B4Hz462f.jsView on unpkg · L22
1import{f as Vg}from"./percentages-BXMCSKIN-FEVpi1aK.js";import"./index-DKts-kEI.js";import"./extends-CF3RwP-h.js";var vC=(()=>{let F=new Uint8Array(128);for(let L=0;L<64;L++)F[L<26... L2: ${I.extraStackTrace()}`),hI(A)}function sI(A,g,C,Q){w(`Assertion failed: ${$(A)}, at: ${[g?$(g):"unknown filename",C,Q?$(Q):"unknown function"]}`)}function NI(A){return yA(A)}funct... L3: "use strict"; return body.apply(this, arguments);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/dashboard/assets/subset-shared.chunk-B4Hz462f.jsView on unpkg · L1
dist/skill-packs/excalidraw/examples/style_board.jsView file
2// Shows card/connector/sectionTitle + the dimension-aware lane() (captions hug images, .nextY stacks). L3: const path = require('path'); L4: const { buildExcalidraw, lane } = require(path.join(__dirname, '..', 'scripts', 'build_excalidraw.js'));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/skill-packs/excalidraw/examples/style_board.jsView on unpkg · L2
dist/skill-packs/excalidraw/scripts/build_excalidraw.jsView file
8// - `%% ## Drawing ```json <scene> ``` %%` (uncompressed JSON; plugin reads it fine) L9: // Images need NO base64 — the fileId (sha1 of the file) + the Embedded Files wikilink is enough. L10: // ... L285: version: 2, L286: source: 'https://github.com/zsviczian/obsidian-excalidraw-plugin', L287: elements,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/skill-packs/excalidraw/scripts/build_excalidraw.jsView on unpkg · L8
dist/dashboard/assets/percentages-BXMCSKIN-FEVpi1aK.jsView file
108contains invisible/control Unicode U+202A (left-to-right embedding) */var Qg;function IF(){if(Qg)return vh;Qg=1;var e=S5(),t=MF();function n(d,l){return d===l&&(d!==0||1/d===1/l)||d!==d&&l!==l}var a=typeof Object.is=="function"?Object.is:n,i=t.useSyncExternalStore,r=e.useRef,s=e.useEffect,o=e.useMemo,c=e.u
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/dashboard/assets/percentages-BXMCSKIN-FEVpi1aK.jsView on unpkg · L108
2patternName = google_api_key severity = high line = 2 matchedText = import{a...AZZX
High
Secret Pattern

Google API key in dist/dashboard/assets/percentages-BXMCSKIN-FEVpi1aK.js

dist/dashboard/assets/percentages-BXMCSKIN-FEVpi1aK.jsView on unpkg · L2
dist/skill-packs/video-watching/scripts/transcribe.shView file
path = dist/skill-packs/video-watching/scripts/transcribe.sh kind = build_helper sizeBytes = 12857 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/skill-packs/video-watching/scripts/transcribe.shView on unpkg
dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2View file
path = dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2 kind = high_entropy_blob sizeBytes = 20380 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2View on unpkg
dist/index.jsView file
path = dist/index.js kind = oversized_source_file sizeBytes = 3110912 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.jsView on unpkg
path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 3110912 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.jsView on unpkg

Findings

3 Critical3 High7 Medium8 Low
CriticalCritical Secretdist/dashboard/assets/subset-shared.chunk-B4Hz462f.js
CriticalTrojan Source Unicodedist/dashboard/assets/percentages-BXMCSKIN-FEVpi1aK.js
CriticalSecret Patterndist/dashboard/assets/subset-shared.chunk-B4Hz462f.js
HighShips High Entropy Blobdist/dashboard/assets/Assistant-Bold-gm-uSS1B.woff2
HighOversized Source Filedist/index.js
HighSecret Patterndist/dashboard/assets/percentages-BXMCSKIN-FEVpi1aK.js
MediumDynamic Requiredist/skill-packs/excalidraw/examples/style_board.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Build Helperdist/skill-packs/video-watching/scripts/transcribe.sh
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/dashboard/assets/subset-shared.chunk-B4Hz462f.js
LowWeak Cryptodist/skill-packs/excalidraw/scripts/build_excalidraw.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings