registry  /  httpdr-setup  /  1.0.0

httpdr-setup@1.0.0

Catalogo e CLI para skills de agentes de IA em PT-BR, com setup cross-harness para Claude Code, Codex e GitHub Copilot.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `httpdr-setup setup`, `init`, `ecc-sync`, or plugin install.
Impact
Can alter project or opted-in global AI-agent control surfaces and copy hooks/scripts for later review or activation.
Mechanism
Explicit AI-agent configuration and vendored-resource installation.
Rationale
The scanner's critical reverse-shell label is a false positive, but the package intentionally mutates agent configuration when explicitly invoked. Flag as a warning for this user-command setup capability rather than block it as malicious.
Evidence
package.jsonbin/httpdr-setup.mjsapps/cli/index.mjslib/setup-runner.mjslib/ecc-resource-installer.mjslib/plugin-generator.mjsAGENTS.md.ai-harness/.codex/AGENTS.md.codex/config.tomlCLAUDE.md.claude/settings.cross-harness.example.json.github/copilot-instructions.md.github/prompts/ai-setup-audit.prompt.md~/.ai-harness/

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/setup-runner.mjs` explicitly writes project AI-agent files including `AGENTS.md`, `.codex/AGENTS.md`, `CLAUDE.md`, and `.github/copilot-instructions.md`.
  • `apps/cli/index.mjs` exposes user-invoked `setup`, `init`, `ecc-sync`, and plugin-install commands that mutate the selected target.
  • `lib/ecc-resource-installer.mjs` copies vendored agent resources, hooks, scripts, and optional harness directories into a target.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • The bin entry only imports the CLI; mutations require explicit CLI commands.
  • `lib/setup-runner.mjs` uses `spawnSync` only for fixed `git` inspection commands with `shell: false`.
  • No HTTP/network, socket, credential harvesting, eval, or remote payload execution was found in executable source.
  • The scanner's reverse-shell indication is unsupported: the apparent `nc` text is in generated deny rules, not process/socket wiring.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 39 file(s), 153 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
lib/setup-runner.mjsView file
3import path from "node:path"; L4: import { spawnSync } from "node:child_process"; L5: import { discoverSkills, normalizeSkillName } from "./skills.mjs"; ... L56: const repoRoot = path.resolve(args.repoRoot || path.join(path.dirname(new URL(import.meta.url).pathname), "..")); L57: const target = path.resolve(args.target || process.cwd()); L58: const globalTarget = path.resolve(args["global-target"] || path.join(os.homedir(), ".ai-harness")); ... L71: const audit = auditProject(target, inventory); L72: const generatedAt = process.env.HTTPDR_SETUP_NOW || new Date().toISOString(); L73: ... L225: const exists = (relativePath) => fs.existsSync(path.join(root, relativePath)); L226: const pkg = readJson(path.join(root, "package.json")); L227: const scripts = pkg?.scripts || {};
Critical
Reverse Shell

Source matches reverse-shell style process and socket wiring.

lib/setup-runner.mjsView on unpkg · L3
3Trigger-reachable chain: manifest.exports -> packages/core/index.mjs -> lib/setup-runner.mjs L3: import path from "node:path"; L4: import { spawnSync } from "node:child_process"; L5: import { discoverSkills, normalizeSkillName } from "./skills.mjs"; ... L56: const repoRoot = path.resolve(args.repoRoot || path.join(path.dirname(new URL(import.meta.url).pathname), "..")); L57: const target = path.resolve(args.target || process.cwd()); L58: const globalTarget = path.resolve(args["global-target"] || path.join(os.homedir(), ".ai-harness")); ... L71: const audit = auditProject(target, inventory); L72: const generatedAt = process.env.HTTPDR_SETUP_NOW || new Date().toISOString(); L73: ... L225: const exists = (relativePath) => fs.existsSync(path.join(root, relativePath)); L226: const pkg = readJson(path.join(root, "package.json")); L227: const scripts = pkg?.scripts || {};
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

lib/setup-runner.mjsView on unpkg · L3
3import path from "node:path"; L4: import { spawnSync } from "node:child_process"; L5: import { discoverSkills, normalizeSkillName } from "./skills.mjs";
High
Child Process

Package source references child process execution.

lib/setup-runner.mjsView on unpkg · L3
skills/comunicacao/sprint-review-deck/scripts/collect-git-context.shView file
path = skills/comunicacao/sprint-review-deck/scripts/collect-git-context.sh kind = build_helper sizeBytes = 3033 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/comunicacao/sprint-review-deck/scripts/collect-git-context.shView on unpkg

Findings

2 Critical2 High3 Medium4 Low
CriticalReverse Shelllib/setup-runner.mjs
CriticalTrigger Reachable Dangerous Capabilitylib/setup-runner.mjs
HighChild Processlib/setup-runner.mjs
HighShell
MediumEnvironment Vars
MediumShips Build Helperskills/comunicacao/sprint-review-deck/scripts/collect-git-context.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings