registry  /  giteai  /  2.2.0

giteai@2.2.0

AI Security Review

scanned 55m ago · by lpm-firewall-ai

A signed-in user running the CLI accepts automation definitions from the package service. Those definitions can execute arbitrary shell commands locally before commit generation.

Static reason
One or more suspicious static signals were detected.
Trigger
Run the default `gite` command or `gite compose` in a Git repository.
Impact
A compromised service response or account-controlled automation can run arbitrary commands with the invoking user's permissions.
Mechanism
Remote API-supplied command execution through `child_process.exec`.
Rationale
No install-time behavior or direct credential exfiltration was found, but the server-driven automation runner is an unresolved high-impact capability. Treat as warn rather than block because execution requires explicit CLI use and source supports a product-aligned automation feature.
Evidence
package.jsondist/index.js~/.config/giteai/config.json.giteai
Network endpoints1
giteai2.vercel.app/api/gt

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/index.js` fetches server-provided `automations` from `user/trait`.
  • `dist/index.js` passes each automation `command` to `child_process.exec` without a local allowlist or confirmation.
  • Automations run during normal `gite` and `compose` commands before commit generation.
Evidence against
  • `package.json` defines no npm lifecycle hooks.
  • Network use is limited to the package service endpoint `https://giteai2.vercel.app/api/gt` for its advertised AI commit workflow.
  • Observed file writes are an explicit login key store and a repository `.giteai` identifier.
  • The scanner's `child_process` dependency signal alone is not evidence of a dependency-squat execution chain.
Behavioral surface
Source
Filesystem
Supply chain
MinifiedTrivialUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 19.7 KB of source, external domains: giteai2.vercel.app

Source & flagged code

1 flagged · loading source
package.jsonView file
Runtime dependency names matching Node built-ins: child_process
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg

Findings

1 High3 Low
HighNode Builtin Dependency Squatpackage.json
LowScripts Present
LowFilesystem
LowUrl Strings