registry  /  hub-launch  /  1.11.0

hub-launch@1.11.0

GitHub Issue and PR automation CLI tool with plugin/hook system for project-specific customizations

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was found. The unresolved risk is explicit user-command setup of AI-agent workflow files and terminal auto-approval settings for HubLaunch workflows.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `hula init`, `hula login`, or launch/schedule CLI commands.
Impact
Can alter project AI-agent workflow files and VS Code terminal auto-approval settings after interactive CLI use; launch can send configured credentials/env vars to the HubLaunch server.
Mechanism
First-party agent skills/script setup plus configured remote job submission
Rationale
Static inspection does not support a malicious verdict because the scanner’s exfiltration and shell findings map to user-invoked CLI workflows with package-aligned endpoints and explicit configuration. However, first-party AI-agent extension setup and auto-approval mutation are real lifecycle risk, so warn rather than mark clean.
Evidence
package.jsondist/index.jsdist/commands/init.jsdist/commands/login.jsdist/commands/launch.jsdist/utils/env-vars.jsdist/services/hooks/HookExecutor.jsdist/config/constants.js.agents/skills/*/SKILL.md.claude/commands/*.md.github/scripts/hula-*.sh.vscode/settings.json.hublaunch/hublaunch.config.js.env~/.hublaunch/github-token~/.hublaunch/background-hook.pid
Network endpoints4
www.hublaunch.sitegithub.com/login/oauth/access_tokenapi.github.comapi.anthropic.com/v1/models

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/commands/init.js user-invoked init copies bundled skills into .agents/skills and symlinks .claude/commands/*.md
  • dist/commands/init.js can write .vscode/settings.json chat.tools.terminal.autoApprove patterns, default prompt initial true
  • dist/templates/scripts/*.sh are copied executable to .github/scripts by init
  • dist/commands/launch.js forwards configured API keys, GitHub token, and selected .env vars to configured HubLaunch server
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • dist/index.js only registers CLI commands; no install-time execution
  • dist/utils/env-vars.js blocks reserved env vars and only reads variables named in config or explicit envVars all from .env
  • dist/services/hooks/HookExecutor.js validates hook paths under project root before running project hooks
  • Network use is aligned with CLI purpose: HubLaunch server, GitHub OAuth/API, Anthropic model validation
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 82 file(s), 681 KB of source, external domains: api.anthropic.com, api.github.com, app.daytona.io, claude.ai, cli.github.com, docs.github.com, example.com, github.com, hooks.slack.com, www.hublaunch.site, your-platform.com

Source & flagged code

7 flagged · loading source
dist/utils/shell.jsView file
1import { exec, spawn } from 'child_process'; L2: import { promisify } from 'util';
High
Child Process

Package source references child process execution.

dist/utils/shell.jsView on unpkg · L1
4import { logger } from './logger.js'; L5: const execAsync = promisify(exec); L6: /**
High
Shell

Package source references shell execution.

dist/utils/shell.jsView on unpkg · L4
dist/config/index.jsView file
67const moduleUrl = `${configUrl}?update=${Date.now()}`; L68: const configModule = (await import(moduleUrl)); L69: // Get the config - try default export first, then named 'config' export, then the module itself
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/config/index.jsView on unpkg · L67
dist/commands/init.jsView file
99L100: const context: HookContext = JSON.parse(contextJson); L101: console.log(\`🚀 Starting preview for: \${context.deploymentUrl}\`); ... L103: // Browser headless mode: Use env var or default to visible L104: const headless = process.env.CI === "true" || process.env.HEADLESS === "true"; L105: ... L126: const email = process.env.TEST_USER_EMAIL; L127: const password = process.env.TEST_USER_PASSWORD; L128: ... L343: # Test with sample context L344: tsx .[redacted].ts '{"deploymentUrl":"https://example.com","prNumber":123}' L345:
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/commands/init.jsView on unpkg · L99
99Trigger-reachable chain: manifest.main -> dist/index.js -> dist/commands/init.js L99: L100: const context: HookContext = JSON.parse(contextJson); L101: console.log(\`🚀 Starting preview for: \${context.deploymentUrl}\`); ... L103: // Browser headless mode: Use env var or default to visible L104: const headless = process.env.CI === "true" || process.env.HEADLESS === "true"; L105: ... L126: const email = process.env.TEST_USER_EMAIL; L127: const password = process.env.TEST_USER_PASSWORD; L128: ... L343: # Test with sample context L344: tsx .[redacted].ts '{"deploymentUrl":"https://example.com","prNumber":123}' L345:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/commands/init.jsView on unpkg · L99
dist/services/hooks/HookExecutor.jsView file
130const contextJson = JSON.stringify(context); L131: // Execute with npx tsx using execFile L132: // shell: true is required for Windows to find npx.cmd L133: await execFileAsync('npx', ['tsx', fullPath, contextJson], {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/services/hooks/HookExecutor.jsView on unpkg · L130
dist/templates/scripts/hula-fix-commit.shView file
path = dist/templates/scripts/hula-fix-commit.sh kind = build_helper sizeBytes = 4588 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/templates/scripts/hula-fix-commit.shView on unpkg

Findings

2 Critical3 High5 Medium4 Low
CriticalCredential Exfiltrationdist/commands/init.js
CriticalTrigger Reachable Dangerous Capabilitydist/commands/init.js
HighChild Processdist/utils/shell.js
HighShelldist/utils/shell.js
HighRuntime Package Installdist/services/hooks/HookExecutor.js
MediumDynamic Requiredist/config/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/templates/scripts/hula-fix-commit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings