registry  /  hayao  /  0.5.1

hayao@0.5.1

An AI-first game engine: a deterministic, headless-native simulation kernel with a Godot-style scene tree, pluggable renderers (SVG/Canvas/headless), and a built-in verification harness — designed so an LLM can author, test, and prove correct a whole game

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package provides explicit user-invoked game scaffolding, local CLI utilities, and a Workshop MCP server for the current project.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `create-hayao`, `hayao`, or `hayao-mcp` / invokes an MCP tool.
Impact
Writes are limited to the selected scaffold directory or project `.workshop/` directory; no automatic installation-time action or outbound exfiltration was found.
Mechanism
Local project scaffolding, playtest artifact handling, and explicitly requested subprocesses.
Rationale
Source inspection found no automatic execution, exfiltration, remote payload retrieval, persistence, or foreign AI-agent configuration mutation. Static child-process, dynamic-import, and runtime-install hints map to explicit local CLI/MCP features and bundled validation dependencies.
Evidence
package.jsonbin/create-hayao.mjsbin/hayao-mcp-cli.mjsbin/hayao.mjsdist/mcp.jsdist/workshop-plugin.jsdist/strike.js

Decision evidence

public snapshot
AI called this Clean at 95.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
    • `bin/create-hayao.mjs` only scaffolds files into the explicitly named project directory.
    • `bin/hayao-mcp-cli.mjs` starts the packaged Workshop MCP server only when the user invokes `hayao-mcp`.
    • `dist/mcp.js` confines workshop reads/writes to the current project's `.workshop/` data and exposes user-invoked local tooling.
    • `dist/mcp.js` dynamic import loads discovered local game modules; `new Function` is bundled AJV validation code, not package payload execution.
    • No shipped executable contains outbound HTTP/fetch/WebSocket calls or credential/environment harvesting.
    Behavioral surface
    Source
    ChildProcessDynamicRequireEvalFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsMinifiedTelemetryUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 52 file(s), 2.86 MB of source, external domains: fb.me, github.com, json-schema.org, raw.githubusercontent.com, react.dev, spec.openapis.org, stackoverflow.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

    Source & flagged code

    5 flagged · loading source
    bin/hayao-mcp-cli.mjsView file
    5// { "mcpServers": { "hayao-workshop": { "command": "npx", "args": ["hayao-mcp"] } } } L6: import { spawn } from 'node:child_process'; L7: import { fileURLToPath } from 'node:url';
    High
    Child Process

    Package source references child process execution.

    bin/hayao-mcp-cli.mjsView on unpkg · L5
    9const server = fileURLToPath(new URL('../dist/mcp.js', import.meta.url)); L10: const child = spawn('npx', ['tsx', server], { stdio: 'inherit' }); L11: child.on('exit', (code) => process.exit(code ?? 0));
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    bin/hayao-mcp-cli.mjsView on unpkg · L9
    dist/mcp.jsView file
    6var __hasOwnProp = Object.prototype.hasOwnProperty; L7: var __commonJS = (cb, mod) => function __require() { L8: try {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/mcp.jsView on unpkg · L6
    2944sourceCode = this.opts.code.process(sourceCode, sch); L2945: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L2946: const validate = makeValidate(this, this.scope.get());
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/mcp.jsView on unpkg · L2944
    bin/hayao.mjsView file
    matchType = previous_version_dangerous_delta matchedPackage = hayao@0.3.0 matchedIdentity = npm:aGF5YW8:0.3.0 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    bin/hayao.mjsView on unpkg

    Findings

    1 Critical3 High3 Medium7 Low
    CriticalPrevious Version Dangerous Deltabin/hayao.mjs
    HighChild Processbin/hayao-mcp-cli.mjs
    HighShell
    HighRuntime Package Installbin/hayao-mcp-cli.mjs
    MediumDynamic Requiredist/mcp.js
    MediumNetwork
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowEvaldist/mcp.js
    LowFilesystem
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings