registry  /  hana-cli  /  4.202607.1

hana-cli@4.202607.1

HANA Developer Command Line Interface

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `hana-cli mcpServerInstall` or an alias such as `hana-cli mcp`.
Impact
Enables the package's MCP tools in the selected AI client; it may access project connection context supplied to those tools.
Mechanism
Explicit MCP client configuration mutation and project-context CLI execution.
Rationale
Source inspection confirms an explicit AI-client MCP installer and a project-context command executor, which merits a warning under the stated policy. The postinstall hook is non-mutating and no concrete malicious chain was found.
Evidence
package.jsonscripts/postinstall.jsbin/mcpServerInstall.jsmcp-server/src/executor.tsmcp-server/build/prompts.jsbin/vscode.jsmcp-server/build/index.jsvscode-extension/hana-cli-0.1.8.vsix

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/mcpServerInstall.js` explicitly writes MCP client config entries for Claude, Cursor, VS Code, and others.
  • The explicit `mcpServerInstall` command registers `mcp-server/build/index.js` as a stdio server.
  • `mcp-server/src/executor.ts` spawns this CLI in the selected project context.
  • `scripts/install-agent-instructions.js` is a user-invoked installer for agent instruction files.
Evidence against
  • `scripts/postinstall.js` only skips CI or prints a global dependency notice, then exits.
  • No lifecycle script invokes the MCP installer or writes AI-client configuration.
  • `bin/vscode.js` installs the bundled VSIX only on explicit `hana-cli vscode install`.
  • The VSIX manifest declares a SAP HANA workspace extension; archive entropy is consistent with a packaged VSIX.
  • `mcp-server/build/prompts.js` contains credential examples, not embedded secrets.
  • No source evidence of credential exfiltration, remote payload download, or stealth persistence.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 577 file(s), 2.98 MB of source, external domains: api.cf.eu10.hana.ondemand.com, api.cf.us10.hana.ondemand.com, cli.btp.cloud.sap, example.com, github.com, graphml.graphdrawing.org, keepachangelog.com, sap-samples.github.io, www.sap.com, www.w3.org

Source & flagged code

19 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
mcp-server/build/prompts.jsView file
313patternName = private_key_rsa severity = critical line = 313 matchedText = "key": "......"
Critical
Critical Secret

Package contains a critical-looking secret pattern.

mcp-server/build/prompts.jsView on unpkg · L313
313patternName = private_key_rsa severity = critical line = 313 matchedText = "key": "......"
Critical
Secret Pattern

RSA private key in mcp-server/build/prompts.js

mcp-server/build/prompts.jsView on unpkg · L313
bin/vscode.jsView file
matchType = previous_version_dangerous_delta matchedPackage = hana-cli@4.202607.0 matchedIdentity = npm:aGFuYS1jbGk:4.202607.0 similarity = 0.758 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/vscode.jsView on unpkg
3import { buildDocEpilogue } from '../utils/doc-linker.js' L4: import { execFileSync } from 'child_process' L5: import { existsSync, readdirSync } from 'fs'
High
Child Process

Package source references child process execution.

bin/vscode.jsView on unpkg · L3
37* Execute a command safely using execFileSync. L38: * On Windows, VS Code ships as .cmd scripts which require cmd.exe to run. L39: * We invoke cmd.exe /c <command> <args> to avoid shell injection while
High
Shell

Package source references shell execution.

bin/vscode.jsView on unpkg · L37
bin/index.jsView file
42// Load all command modules in parallel L43: const lazyCommands = await Promise.all(commandFiles.map(file => import(file))) L44:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/index.jsView on unpkg · L42
bin/createModule.jsView file
56import fs from 'fs'; L57: import childproc from 'child_process'; L58: ... L60: // true at build-time, false at CF staging time L61: childproc.execSync('npm install && npm run build', { L62: cwd: '..',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/createModule.jsView on unpkg · L56
scripts/install-btp.shView file
path = scripts/install-btp.sh kind = build_helper sizeBytes = 365 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/install-btp.shView on unpkg
vscode-extension/hana-cli-0.1.8.vsixView file
path = vscode-extension/hana-cli-0.1.8.vsix kind = high_entropy_blob sizeBytes = 16801595 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

vscode-extension/hana-cli-0.1.8.vsixView on unpkg
path = vscode-extension/hana-cli-0.1.8.vsix kind = compressed_blob sizeBytes = 16801595 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

vscode-extension/hana-cli-0.1.8.vsixView on unpkg
path = vscode-extension/hana-cli-0.1.8.vsix kind = nested_archive_needs_inspection sizeBytes = 16801595 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

vscode-extension/hana-cli-0.1.8.vsixView on unpkg
mcp-server/src/prompts.tsView file
340patternName = private_key_rsa severity = critical line = 340 matchedText = "key": "......"
Critical
Secret Pattern

RSA private key in mcp-server/src/prompts.ts

mcp-server/src/prompts.tsView on unpkg · L340
docs/01-getting-started/configuration.mdView file
241patternName = generic_password severity = medium line = 241 matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in docs/01-getting-started/configuration.md

docs/01-getting-started/configuration.mdView on unpkg · L241
docs/troubleshooting/index.mdView file
1134patternName = generic_password severity = medium line = 1134 matchedText = read -sp...WORD
Medium
Secret Pattern

Hardcoded password in docs/troubleshooting/index.md

docs/troubleshooting/index.mdView on unpkg · L1134
docs/03-features/mcp/implementation-guide.mdView file
329patternName = generic_password severity = medium line = 329 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in docs/03-features/mcp/implementation-guide.md

docs/03-features/mcp/implementation-guide.mdView on unpkg · L329
docs/03-features/mcp/implementation-complete.mdView file
231patternName = generic_password severity = medium line = 231 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in docs/03-features/mcp/implementation-complete.md

docs/03-features/mcp/implementation-complete.mdView on unpkg · L231
.github/agents/e2e-test-agent/e2e-test-agent.agent.mdView file
144patternName = generic_password severity = medium line = 144 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in .github/agents/e2e-test-agent/e2e-test-agent.agent.md

.github/agents/e2e-test-agent/e2e-test-agent.agent.mdView on unpkg · L144

Findings

4 Critical5 High12 Medium6 Low
CriticalCritical Secretmcp-server/build/prompts.js
CriticalPrevious Version Dangerous Deltabin/vscode.js
CriticalSecret Patternmcp-server/build/prompts.js
CriticalSecret Patternmcp-server/src/prompts.ts
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/vscode.js
HighShellbin/vscode.js
HighRuntime Package Installbin/createModule.js
HighShips High Entropy Blobvscode-extension/hana-cli-0.1.8.vsix
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/install-btp.sh
MediumShips Compressed Blobvscode-extension/hana-cli-0.1.8.vsix
MediumStructural Risk Force Deep Review
MediumSecret Patterndocs/01-getting-started/configuration.md
MediumSecret Patterndocs/troubleshooting/index.md
MediumSecret Patterndocs/03-features/mcp/implementation-guide.md
MediumSecret Patterndocs/03-features/mcp/implementation-complete.md
MediumSecret Pattern.github/agents/e2e-test-agent/e2e-test-agent.agent.md
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectionvscode-extension/hana-cli-0.1.8.vsix
LowNo License