registry  /  hyperframes  /  0.7.49

hyperframes@0.7.49

HyperFrames CLI — create, preview, and render HTML video compositions

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time malicious behavior was found. The explicit `skills` command can install and mirror package-owned AI-agent skills; normal CLI commands may also schedule a detached self-update after a registry check.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `hyperframes skills` for agent-skill setup, or runs a non-help/non-JSON CLI command when an update is available.
Impact
Can modify AI-agent skill directories only after an explicit skills command; automatic updates can modify the global HyperFrames installation.
Mechanism
User-invoked agent-skill installation plus package-aligned background self-update.
Rationale
Source inspection found no malicious install hook or exfiltration chain. The explicit cross-agent skill installation/mirroring is a real agent-extension lifecycle risk and warrants a warning under the stated policy.
Evidence
package.jsondist/cli.jsdist/skills/hyperframes-cli/SKILL.mddist/skills/hyperframes/SKILL.mddist/studio/index.js
Network endpoints5
registry.npmjs.org/hyperframes/latestapi.heygen.comapp.heygen.com/oauth/authorizeapi2.heygen.com/v1/oauth/tokenapi.figma.com

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js` exposes an explicit `skills` command that installs and mirrors HyperFrames skills into detected AI-agent skill directories.
  • `dist/cli.js` invokes `npx skills add` and creates symlinks/copies under agent skill roots after that user command.
  • `dist/cli.js` performs automatic npm update checks and can launch a detached package-manager self-update after normal CLI use.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • Agent-directory writes are reachable through the user-invoked `hyperframes skills` command, not package installation.
  • No inspected code harvests unrelated credentials or sends local files to an untrusted endpoint.
  • Network use is package-aligned: npm update metadata, HeyGen cloud/auth APIs, and explicit Figma/cloud commands.
  • The studio bundle's fetches target local `/api/...` project routes or user-selected media URLs.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 16 file(s), 3.78 MB of source, external domains: aomediacodec.github.io, api.figma.com, api.heygen.com, cdn.example.com, cdn.jsdelivr.net, evilmartians.com, example.com, fonts.googleapis.com, github.com, react.dev, studio.local, us.i.posthog.com, www.figma.com, www.w3.org, www.w3ctech.com, www.webmproject.org
Oversized source lightweight scan
dist/cli.js9.17 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsShellDynamicRequireHighEntropyStringsUrlStringsapi.figma.comapi.heygen.comcdn.example.comexample.comwww.figma.com
dist/studio/assets/index-HvbbjzDK.js3.17 MB file, sampled 256 KB
NetworkChildProcessObfuscatedHighEntropyStringsMinifiedTelemetryUrlStringsgithub.comreact.devwww.w3.org

Source & flagged code

3 flagged · loading source
dist/studio/index.jsView file
207fill: "none", L208: xmlns: "http://www.w3.org/2000/svg", L209: "aria-hidden": "true", ... L1291: if (!raw) return {}; L1292: const parsed = JSON.parse(raw); L1293: if (!isRecord2(parsed)) return {}; ... L1573: try { L1574: return import.meta.env.DEV === true; L1575: } catch { ... L1710: headers: { "Content-Type": "application/json" }, L1711: body: JSON.stringify({ api_key: POSTHOG_API_KEY, batch }), L1712: signal: controller.signal
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/studio/index.jsView on unpkg · L207
dist/studio/assets/index-HvbbjzDK.jsView file
path = dist/studio/assets/index-HvbbjzDK.js kind = oversized_source_file sizeBytes = 3326591 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/studio/assets/index-HvbbjzDK.jsView on unpkg
dist/cli.jsView file
path = dist/cli.js kind = oversized_cli_entrypoint sizeBytes = 9618674 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/cli.jsView on unpkg

Findings

2 High5 Medium7 Low
HighSandbox Evasion Gated Capabilitydist/studio/index.js
HighOversized Source Filedist/studio/assets/index-HvbbjzDK.js
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License