
gitsheets-axi@2.2.0

Agent-facing CLI for gitsheets — token-efficient TOON output, idempotent mutations, self-installing session hooks.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as a warn-only, first-party agent-extension lifecycle risk. No malicious install-time or import-time behavior was found. The notable risk is an explicit CLI setup command that installs first-party session hooks for agent tools, documented as opt-in.

Static reason
No blocking static signals were detected.
Trigger
User runs `gitsheets-axi setup hooks` or other explicit CLI mutation commands.
Impact
Could alter agent session hook configuration when explicitly invoked; no evidence of stealth, exfiltration, or remote payload execution.
Mechanism
First-party agent session hook setup and gitsheets repo mutation CLI
Rationale
Source inspection found an opt-in, documented agent hook installer and normal gitsheets CLI record operations, with no lifecycle hook abuse, credential harvesting, exfiltration, or remote code execution. Per policy, explicit first-party agent hook setup is a lifecycle risk warning rather than malicious blocking behavior.
Evidence
  • package.json
  • README.md
  • dist/bin/gitsheets-axi.js
  • dist/src/cli.js
  • dist/src/commands/setup.js
  • dist/src/commands/push.js
  • dist/src/commands/init.js
  • dist/src/commands/infer.js
  • dist/src/commands/upsert.js
  • dist/src/commands/delete.js
  • dist/src/commands/attachment.js
  • dist/src/util/stdin.js
  • ~/.claude/settings.json
  • ~/.codex/hooks.json
  • config.toml
  • .gitsheets/<sheet>.toml
  • gitsheets record/attachment paths

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/src/commands/setup.js exposes explicit `gitsheets-axi setup hooks` command that calls `installSessionStartHooks` with marker `gitsheets-axi`.
  • README.md documents opt-in SessionStart hooks for Claude Code, Codex, and OpenCode.
  • dist/src/commands/push.js can run user-invoked `git push`; dist/src/commands/init.js and infer.js run bounded `git show`.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • dist/bin/gitsheets-axi.js only imports cli main; no install-time execution found.
  • No fetch/http client or non-registry network endpoint in package code.
  • Data mutations are CLI commands scoped to gitsheets repositories/records and explicit user input.
  • Only env reference is `GITSHEETS_AXI_NO_STDIN` in dist/src/util/stdin.js.
Behavioral surface
Source
ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain
HighEntropyStrings
Manifest
No manifest risk signals triggered.
scanned 34 file(s), 147 KB of source

Source & flagged code

2 flagged

dist/src/commands/setup.js
Published source reference
Medium
AI Review Evidence

dist/src/commands/setup.js exposes explicit `gitsheets-axi setup hooks` command that calls `installSessionStartHooks` with marker `gitsheets-axi`.

dist/src/commands/push.js
Published source reference
Medium
AI Review Evidence

dist/src/commands/push.js can run user-invoked `git push`; dist/src/commands/init.js and infer.js run bounded `git show`.

Findings

4 Medium · 3 Low
Medium: Environment Vars
Medium: AI Review Evidence (dist/src/commands/setup.js)
Medium: AI Review Evidence
Medium: AI Review Evidence (dist/src/commands/push.js)
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings