registry  /  harness-aim-mcp  /  1.0.46

harness-aim-mcp@1.0.46

AIM — AI Maestro for the Harness platform. Your personal Harness Architect, powered by the Harness Adoption MCP server.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
A user invokes the AIM setup or rules-install MCP tool and a calling agent follows its returned write instructions.
Impact
Can steer future workspace AI sessions toward this package's MCP tools and workflow.
Mechanism
Explicit user-command generation of AI-agent instruction files.
Rationale
No concrete malicious execution or exfiltration behavior was found, but explicit setup enables persistent broad AI-agent workflow control across several client formats. Per policy, this is a warning-level AI-agent capability risk rather than a publish block.
Evidence
package.jsonbuild/index.jsbuild/config.jsbuild/tools/shared/harness-adoption-setup.jsbuild/tools/shared/harness-adoption-rules-install.jsbuild/tools/shared/aim-rule-targets.jsbuild/docs/rules/aim-workflow.mdbuild/report-renderer/packs/index.jsAGENTS.mdCLAUDE.md.cursor/rules/aim-workflow.mdc.github/copilot-instructions.md.github/instructions/aim-workflow.instructions.md.kiro/steering/aim-workflow.md

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `build/tools/shared/aim-rule-targets.js` returns always-applied agent-rule targets including `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, and Kiro paths.
  • `build/docs/rules/aim-workflow.md` directs future agent sessions to use this package's MCP workflow and avoid some native alternatives.
  • `build/tools/shared/harness-adoption-rules-install.js` permits selecting `all` agent clients, but returns instructions/content rather than writing files itself.
  • `build/report-renderer/packs/index.js` dynamically imports local report-pack preprocessors configured from package-controlled pack paths.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall`; its only lifecycle hook is `prepublishOnly`.
  • `build/index.js` starts only when invoked as the bin/entrypoint and exposes stdio, HTTP, report, and browser-management modes.
  • `build/config.js` uses configured Harness credentials/base URLs and rejects private/local request-header base-URL overrides.
  • Child-process usage in reviewed tool files opens requested local reports/URLs or runs bundled media/browser tooling; no secret collection or exfiltration chain was found.
  • The rule-install tool explicitly requires an `aim: install rules`-style user request and delegates filesystem writes to the calling agent.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 330 file(s), 3.02 MB of source, external domains: 127.0.0.1, api.elevenlabs.io, api.openai.com, app.harness.io, cdn.jsdelivr.net, developer.harness.io, fonts.googleapis.com, fonts.gstatic.com, harness.io, mermaid.js.org, texttospeech.googleapis.com, www.w3.org, your-tenant.atlassian.net

Source & flagged code

3 flagged · loading source
build/tools/harness-ccm-showcase.jsView file
13import * as path from "node:path"; L14: import { spawn } from "node:child_process"; L15: import { resolve, dirname } from "node:path";
High
Child Process

Package source references child process execution.

build/tools/harness-ccm-showcase.jsView on unpkg · L13
build/report-renderer/index.jsView file
30*/ L31: const REPORT_API_KEY = process.env.REPORT_API_KEY?.trim() || undefined; L32: function requireReportApiKey(req, res, next) { ... L40: if (token !== REPORT_API_KEY) { L41: res.status(401).json({ error: "Unauthorized — set Authorization: Bearer <REPORT_API_KEY>" }); L42: return; ... L67: try { L68: const oldPath = path.resolve(process.cwd(), "aim-pdf-out", "report-registry.json"); L69: if (fs.existsSync(oldPath) && !fs.existsSync(REGISTRY_PERSIST_PATH)) { ... L248: throw new Error(`Failed to load theme template from ${templatePath}: ${String(err)}. ` + L249: `If this is an external pack, ensure a package.json with { "type": "module" } ` + L250: `exists in the pack directory.`);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

build/report-renderer/index.jsView on unpkg · L30
build/tools/reports/harness-adoption-reports-render.jsView file
9* L10: * When HARNESS_AIM_REPORTS_URL is set (e.g. "http://localhost:4321"), this L11: * tool does NOT register the report itself. Instead it validates the file and ... L18: import * as path from "node:path"; L19: import { spawn } from "node:child_process"; L20: import matter from "gray-matter"; ... L23: /** URL of the aim-reports server when running as a separate process. */ L24: const AIM_REPORTS_URL = process.env.HARNESS_AIM_REPORTS_URL?.replace(/\/$/, "") || undefined; L25: // Theme IDs are discovered at runtime from the themes directory (and any
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

build/tools/reports/harness-adoption-reports-render.jsView on unpkg · L9

Findings

3 High3 Medium8 Low
HighChild Processbuild/tools/harness-ccm-showcase.js
HighShell
HighSame File Env Network Executionbuild/tools/reports/harness-adoption-reports-render.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowWeak Cryptobuild/report-renderer/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings