registry  /  forgeai-agentic-init  /  2.7.0

forgeai-agentic-init@2.7.0

AI project initialization kit for agentic coding workflows.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `forgeai-init`, `--add-model`, or accepts the interactive update prompt.
Impact
Can influence future AI-agent workflow and execute a user-configured local CLI when the generated router is later run.
Mechanism
Project-local AI-agent template and adapter configuration writes.
Rationale
This is not malicious by source inspection, but it intentionally mutates AI-agent workflow files and introduces an update path through a user-invoked initializer. Per policy, explicit user-command agent configuration is warn-level rather than block-level.
Evidence
package.jsondist/forgeai-init.jsdist/lib/init.jsdist/lib/update-check.jsdist/lib/model-routing.jsdist/lib/utils.jstemplates/AGENTS.mdtemplates/.ai/router/run-model.tstemplates/CLAUDE.md.ai/AGENTS.mdCLAUDE.md

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/lib/init.js` copies templates into the current project on explicit CLI invocation.
  • `templates/AGENTS.md` and `templates/CLAUDE.md` instruct future agents to run `npx forgeai-agentic-init@latest`.
  • `dist/lib/update-check.js` can invoke `npx forgeai-agentic-init@latest --upgrade` only after an interactive choice.
  • `templates/.ai/router/run-model.ts` runs user-configured model CLI adapters.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • The entrypoint runs only through the declared `forgeai-init` bin command.
  • Writes are bounded to the caller's current project and honor dry-run/overwrite controls.
  • No credential harvesting, HTTP client, encoded payload, binary loader, or silent exfiltration was found.
  • Update lookup uses `npm view`; upgrade requires an interactive user selection.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 89.1 KB of source, external domains: pypi.org, registry.npmjs.org, registry.yarnpkg.com, rubygems.org

Source & flagged code

4 flagged · loading source
dist/lib/init.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/lib/init.js` copies templates into the current project on explicit CLI invocation.

dist/lib/init.jsView on unpkg
templates/AGENTS.mdView file
Published source reference
Medium
Ai Review Evidence

`templates/AGENTS.md` and `templates/CLAUDE.md` instruct future agents to run `npx forgeai-agentic-init@latest`.

templates/AGENTS.mdView on unpkg
dist/lib/update-check.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/lib/update-check.js` can invoke `npx forgeai-agentic-init@latest --upgrade` only after an interactive choice.

dist/lib/update-check.jsView on unpkg
templates/.ai/router/run-model.tsView file
Published source reference
Medium
Ai Review Evidence

`templates/.ai/router/run-model.ts` runs user-configured model CLI adapters.

templates/.ai/router/run-model.tsView on unpkg

Findings

5 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencedist/lib/init.js
MediumAi Review Evidencetemplates/AGENTS.md
MediumAi Review Evidencedist/lib/update-check.js
MediumAi Review Evidencetemplates/.ai/router/run-model.ts
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings