registry  /  imhcode  /  1.0.0

imhcode@1.0.0

IMH-Code — Imam Hussain Coding Harness Platform. A fast-first multi-agent AI coding framework with intelligent model routing. 19 generic role-based agents (planner, nextjs-executor, laravel-executor, etc.), configurable testing strategy, and 7 token-savin

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No install-time malware was confirmed, but the CLI is a high-risk AI-agent orchestrator. User-invoked initialization mutates broad assistant control surfaces and live execution can launch coding agents with permission checks bypassed.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs imhcode init or imhcode agent run/execute --live.
Impact
Can globally alter assistant behavior and run generated agent tasks with reduced safeguards if the user invokes the CLI.
Mechanism
AI-agent control-surface writes and permission-bypassing local CLI orchestration
Attack narrative
The package does not execute on npm install. When the user runs its CLI, it initializes an AI coding framework by copying package instructions and skills into multiple home-directory assistant namespaces, registering global shims, optionally installing a skills CLI, and later executing generated sprint shell scripts. Live agent adapters can call local coding CLIs with permission-bypass flags. This is dangerous agent-facing capability, but source inspection did not show credential theft, exfiltration, remote payload fetching, or unconsented lifecycle mutation.
Rationale
Because the broad assistant writes and permission-bypass flags are explicit CLI behavior rather than npm lifecycle execution, this is warn-worthy dangerous AI-agent capability rather than confirmed malicious install-time hijack. No concrete malware/exfiltration path was found in inspected source.
Evidence
package.jsonbin/imhcode.jssrc/orchestrator/executor.tssrc/orchestrator/session.tsAGENTS.mdCLAUDE.mdskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py~/.imhcode/~/.claude/CLAUDE.md~/.claude/AGENTS.md~/.claude/skills/~/.gemini/CLAUDE.md~/.gemini/AGENTS.md~/.gemini/skills/~/.copilot/CLAUDE.md~/.copilot/AGENTS.md~/.copilot/skills/~/.local/bin/imhcode~/.zshrc~/.bashrc~/.bash_profile~/.profiledocs/sprint-*/run_all_tasks.sh

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/imhcode.js init copies CLAUDE.md/AGENTS.md and skills into ~/.claude, ~/.gemini, and ~/.copilot.
  • bin/imhcode.js registerCliGlobally writes shims to ~/.imhcode/bin and ~/.local/bin and appends PATH to shell rc files.
  • bin/imhcode.js ensureCavemanAndGraphify runs npm install -g skills and npx skills add juliusbrussee/caveman during CLI init.
  • src/orchestrator/executor.ts live OpenCode uses --dangerously-skip-permissions and Codex uses --dangerously-bypass-approvals-and-sandbox.
  • bin/imhcode.js execute/test runs generated docs/sprint-*/run_all_tasks.sh scripts via sh.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • Risky behavior is reached by explicit imhcode CLI commands, not package import or npm install.
  • No credential harvesting or data exfiltration flow found in inspected entrypoints.
  • Network references are package/tool aligned: model CLIs, npm skills install, Gemini image-generation helper.
  • Shipped AGENTS.md and CLAUDE.md contain product workflow guidance, not reviewer bypass or secret theft instructions.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 57 file(s), 384 KB of source, external domains: api.github.com, example.com, fonts.google.com, github.com, raw.githubusercontent.com, www.typeui.sh

Source & flagged code

20 flagged · loading source
skills/typeui-main/src/prompts/designSystem.tsView file
18async function loadInquirer(): Promise<InquirerModule["default"]> { L19: const dynamicImport = new Function( L20: "specifier",
Low
Eval

Package source references a known benign dynamic code generation pattern.

skills/typeui-main/src/prompts/designSystem.tsView on unpkg · L18
bin/imhcode.jsView file
23const path = require('path'); L24: const { execSync } = require('child_process'); L25: const os = require('os'); ... L33: const CONFIG_FILE = 'imhcode.config.json'; L34: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L35: const LOCAL_DIR_NAME = '.imhcode'; ... L48: if (command === '--version' || command === '-v') { L49: const pkg = require(path.join(__dirname, '..', 'package.json')); L50: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L788: let primaryEngine = 'claude'; L789: const isInteractive = process.stdout.isTTY; L790:
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

bin/imhcode.jsView on unpkg · L23
23Trigger-reachable chain: manifest.bin -> bin/imhcode.js L23: const path = require('path'); L24: const { execSync } = require('child_process'); L25: const os = require('os'); ... L33: const CONFIG_FILE = 'imhcode.config.json'; L34: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L35: const LOCAL_DIR_NAME = '.imhcode'; ... L48: if (command === '--version' || command === '-v') { L49: const pkg = require(path.join(__dirname, '..', 'package.json')); L50: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L788: let primaryEngine = 'claude'; L789: const isInteractive = process.stdout.isTTY; L790:
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

bin/imhcode.jsView on unpkg · L23
21L22: const fs = require('fs'); L23: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/imhcode.jsView on unpkg · L21
skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView file
path = skills/ui-ux-pro-max/.[redacted].py kind = payload_in_excluded_dir sizeBytes = 19430 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
path = skills/ui-ux-pro-max/.[redacted].py kind = build_helper sizeBytes = 19430 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
skills/theme-factory/theme-showcase.pdfView file
path = skills/theme-factory/theme-showcase.pdf kind = high_entropy_blob sizeBytes = 124310 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/theme-factory/theme-showcase.pdfView on unpkg
skills/graphify/skill-windows.mdView file
681patternName = generic_password severity = medium line = 681 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-windows.md

skills/graphify/skill-windows.mdView on unpkg · L681
skills/graphify/skill-trae.mdView file
592patternName = generic_password severity = medium line = 592 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-trae.md

skills/graphify/skill-trae.mdView on unpkg · L592
skills/graphify/skill-pi.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-pi.md

skills/graphify/skill-pi.mdView on unpkg · L543
skills/graphify/skill-codex.mdView file
605patternName = generic_password severity = medium line = 605 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-codex.md

skills/graphify/skill-codex.mdView on unpkg · L605
skills/graphify/skill-kiro.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-kiro.md

skills/graphify/skill-kiro.mdView on unpkg · L543
skills/graphify/skill-copilot.mdView file
603patternName = generic_password severity = medium line = 603 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-copilot.md

skills/graphify/skill-copilot.mdView on unpkg · L603
skills/graphify/skill-opencode.mdView file
655patternName = generic_password severity = medium line = 655 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-opencode.md

skills/graphify/skill-opencode.mdView on unpkg · L655
skills/graphify/skill-aider.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-aider.md

skills/graphify/skill-aider.mdView on unpkg · L544
skills/graphify/skill-claw.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-claw.md

skills/graphify/skill-claw.mdView on unpkg · L544
skills/graphify/skill-droid.mdView file
600patternName = generic_password severity = medium line = 600 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-droid.md

skills/graphify/skill-droid.mdView on unpkg · L600
skills/django-tdd/SKILL.mdView file
25patternName = generic_password severity = medium line = 25 matchedText = user = U...23')
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L25
117patternName = generic_password severity = medium line = 117 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L117
126patternName = generic_password severity = medium line = 126 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L126

Findings

2 Critical2 High17 Medium5 Low
CriticalPersistence Backdoorbin/imhcode.js
CriticalTrigger Reachable Dangerous Capabilitybin/imhcode.js
HighShips High Entropy Blobskills/theme-factory/theme-showcase.pdf
HighPayload In Excluded Dirskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumDynamic Requirebin/imhcode.js
MediumNetwork
MediumShips Build Helperskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/graphify/skill-windows.md
MediumSecret Patternskills/graphify/skill-trae.md
MediumSecret Patternskills/graphify/skill-pi.md
MediumSecret Patternskills/graphify/skill-codex.md
MediumSecret Patternskills/graphify/skill-kiro.md
MediumSecret Patternskills/graphify/skill-copilot.md
MediumSecret Patternskills/graphify/skill-opencode.md
MediumSecret Patternskills/graphify/skill-aider.md
MediumSecret Patternskills/graphify/skill-claw.md
MediumSecret Patternskills/graphify/skill-droid.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
LowScripts Present
LowEvalskills/typeui-main/src/prompts/designSystem.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings