registry  /  harnessed  /  4.15.1

harnessed@4.15.1

AI coding harness package manager + composition orchestrator

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an AI workflow/orchestration CLI that can modify Claude/Codex skills, commands, settings, MCP config, and harnessed state only through explicit user-invoked commands.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs harnessed CLI commands such as setup, install, update, uninstall, checkpoint, or the documented inject-state hook.
Impact
Expected installation/configuration of AI workflow assets; no credential harvesting, covert exfiltration, lifecycle execution, or persistence beyond declared user-selected harness integration was found.
Mechanism
User-invoked AI harness installer and workflow state manager
Rationale
Static inspection shows powerful but package-aligned AI harness setup/install functionality, gated by explicit CLI invocation rather than npm lifecycle or import-time execution. The scanner's dangerous delta maps to declared orchestration prompts and installer code, not covert malware behavior.
Evidence
package.jsondist/index.mjsdist/cli.mjsbin/harnessed-inject-state.mjsmanifests/tools/*.yamlmanifests/cc-hooks/dashboard-autospawn.yaml~/.claude/skills/*~/.agents/skills/*~/.claude/commands/*.md~/.codex/prompts/*.md~/.claude/settings.json~/.claude.json~/.codex/config.toml~/.claude/harnessed/*~/.codex/harnessed/*

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks; only user-run build/test scripts.
    • dist/index.mjs only exports VERSION; no import-time side effects.
    • dist/cli.mjs dangerous primitives are CLI actions: setup/install/update/uninstall/checkpoint commands invoked by user.
    • dist/cli.mjs setup writes harness files under Claude/Codex config dirs and uses confirmations/--dry-run for installs.
    • bin/harnessed-inject-state.mjs is a hook helper that only reads harnessed state and repo planning files, prints context, and has no network/subprocess writes.
    • Network/process use is package-aligned: npm version check, claude/codex/npm/git/npx commands for explicit setup/install/update flows.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 4 file(s), 403 KB of source, external domains: git-scm.com, github.com, harnessed.dev

    Source & flagged code

    2 flagged · loading source
    dist/cli.mjsView file
    matchType = previous_version_dangerous_delta matchedPackage = harnessed@4.15.0 matchedIdentity = npm:aGFybmVzc2Vk:4.15.0 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    dist/cli.mjsView on unpkg
    11import * as ajvFormatsNs from 'ajv-formats'; L12: import { execFileSync, spawnSync, spawn, exec, execSync, execFile } from 'child_process'; L13: import { fileURLToPath } from 'url'; ... L21: import { Command } from 'commander'; L22: import { stdout, stdin } from 'process'; L23: import * as readline from 'readline/promises'; ... L34: L35: // package.json L36: var package_default; ... L47: type: "git", L48: url: "https://github.com/easyinplay/harnessed.git" L49: },
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/cli.mjsView on unpkg · L11

    Findings

    1 Critical2 Medium5 Low
    CriticalPrevious Version Dangerous Deltadist/cli.mjs
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowWeak Cryptodist/cli.mjs
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings