registry  /  imhcode  /  1.0.1

imhcode@1.0.1

IMH-Code — Imam Hussain Coding Harness Platform. A fast-first multi-agent AI coding framework with intelligent model routing. 19 generic role-based agents (planner, nextjs-executor, laravel-executor, etc.), configurable testing strategy, and 7 token-savin

AI Security Review

scanned 24m ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The default CLI initialization mutates broad home-level AI assistant control surfaces and shell startup configuration. It also configures live agent execution paths that bypass assistant permission/sandbox prompts.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs the imhcode CLI with no command, or later runs live agent execution.
Impact
Package-supplied instructions and skills can affect Claude/Gemini/Copilot behavior globally; live execution can run Codex/OpenCode with approval and sandbox protections disabled.
Mechanism
unprompted global AI-agent instruction/skill installation plus permission-bypass agent launcher
Policy narrative
Running the CLI default initializer installs package-controlled agent rules and skills into multiple home-level assistant directories, deleting any existing skills directory first. It also persists command shims through shell PATH changes and includes live execution adapters that invoke Codex/OpenCode with approval and sandbox bypass flags.
Rationale
Although there is no npm lifecycle hook, the package's primary bin command performs unprompted broad AI-agent control-surface mutation and persistence-like shell startup changes, then supports permission-bypassed agent execution. That is concrete dangerous behavior in the package entrypoint, not just noisy scanner output.
Evidence
package.jsonbin/imhcode.jssrc/orchestrator/executor.tsdist/orchestrator/executor.js~/.imhcode/AGENTS.md~/.imhcode/CLAUDE.md~/.imhcode/skills~/.claude/CLAUDE.md~/.claude/AGENTS.md~/.claude/skills~/.gemini/CLAUDE.md~/.gemini/AGENTS.md~/.gemini/skills~/.copilot/CLAUDE.md~/.copilot/AGENTS.md~/.copilot/skills~/.local/bin/imhcode~/.imhcode/bin/imhcode~/.zshrc~/.bashrc
Network endpoints3
github.com/goharabbas321/imhcode.gitgithub.com/goharabbas321/imhcode#readmegithub.com/goharabbas321/imhcode/issues

Decision evidence

public snapshot
AI called this Malicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • bin/imhcode.js default runInit copies package CLAUDE.md, AGENTS.md, and skills into ~/.claude, ~/.gemini, and ~/.copilot without a separate opt-in prompt.
  • bin/imhcode.js overwrites/removes existing assistant skills directories via rmRecursiveSync(skillsDest) before copying package skills.
  • bin/imhcode.js appends PATH exports to shell startup files and installs shims in ~/.local/bin and ~/.imhcode/bin.
  • bin/imhcode.js runs npm install -g skills and npx skills add juliusbrussee/caveman during init.
  • src/orchestrator/executor.ts launches opencode with --dangerously-skip-permissions and codex with --dangerously-bypass-approvals-and-sandbox for live agent execution.
  • package.json has no lifecycle scripts; activation is via the imhcode bin/default CLI path, not npm install hooks.
Evidence against
  • No package.json preinstall/postinstall/prepare lifecycle hook found.
  • No credential harvesting or explicit secret exfiltration found in inspected entrypoints.
  • Network references are mostly documentation/repository URLs or user-invoked CLI/package-manager operations.
  • The package is clearly positioned as an AI coding orchestration framework, so agent files are package-aligned in purpose.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 57 file(s), 415 KB of source, external domains: api.github.com, example.com, fonts.google.com, github.com, raw.githubusercontent.com, www.typeui.sh

Source & flagged code

22 flagged · loading source
skills/typeui-main/src/prompts/designSystem.tsView file
18async function loadInquirer(): Promise<InquirerModule["default"]> { L19: const dynamicImport = new Function( L20: "specifier",
Low
Eval

Package source references a known benign dynamic code generation pattern.

skills/typeui-main/src/prompts/designSystem.tsView on unpkg · L18
bin/imhcode.jsView file
24const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L482: # 3. Run development server L483: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L484: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

bin/imhcode.jsView on unpkg · L24
24Trigger-reachable chain: manifest.bin -> bin/imhcode.js L24: const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L482: # 3. Run development server L483: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L484: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

bin/imhcode.jsView on unpkg · L24
matchType = previous_version_dangerous_delta matchedPackage = imhcode@1.0.0 matchedIdentity = npm:aW1oY29kZQ:1.0.0 similarity = 0.982 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/imhcode.jsView on unpkg
24Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: sensitive-file+network, execution+network L24: const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L482: # 3. Run development server L483: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L484: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/imhcode.jsView on unpkg · L24
22L23: const fs = require('fs'); L24: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/imhcode.jsView on unpkg · L22
skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView file
path = skills/ui-ux-pro-max/.[redacted].py kind = payload_in_excluded_dir sizeBytes = 19430 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
path = skills/ui-ux-pro-max/.[redacted].py kind = build_helper sizeBytes = 19430 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
skills/theme-factory/theme-showcase.pdfView file
path = skills/theme-factory/theme-showcase.pdf kind = high_entropy_blob sizeBytes = 124310 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/theme-factory/theme-showcase.pdfView on unpkg
skills/graphify/skill-windows.mdView file
681patternName = generic_password severity = medium line = 681 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-windows.md

skills/graphify/skill-windows.mdView on unpkg · L681
skills/graphify/skill-trae.mdView file
592patternName = generic_password severity = medium line = 592 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-trae.md

skills/graphify/skill-trae.mdView on unpkg · L592
skills/graphify/skill-pi.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-pi.md

skills/graphify/skill-pi.mdView on unpkg · L543
skills/graphify/skill-codex.mdView file
605patternName = generic_password severity = medium line = 605 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-codex.md

skills/graphify/skill-codex.mdView on unpkg · L605
skills/graphify/skill-kiro.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-kiro.md

skills/graphify/skill-kiro.mdView on unpkg · L543
skills/graphify/skill-copilot.mdView file
603patternName = generic_password severity = medium line = 603 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-copilot.md

skills/graphify/skill-copilot.mdView on unpkg · L603
skills/graphify/skill-opencode.mdView file
655patternName = generic_password severity = medium line = 655 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-opencode.md

skills/graphify/skill-opencode.mdView on unpkg · L655
skills/graphify/skill-aider.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-aider.md

skills/graphify/skill-aider.mdView on unpkg · L544
skills/graphify/skill-claw.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-claw.md

skills/graphify/skill-claw.mdView on unpkg · L544
skills/graphify/skill-droid.mdView file
600patternName = generic_password severity = medium line = 600 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-droid.md

skills/graphify/skill-droid.mdView on unpkg · L600
skills/django-tdd/SKILL.mdView file
25patternName = generic_password severity = medium line = 25 matchedText = user = U...23')
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L25
117patternName = generic_password severity = medium line = 117 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L117
126patternName = generic_password severity = medium line = 126 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L126

Findings

3 Critical3 High17 Medium5 Low
CriticalPersistence Backdoorbin/imhcode.js
CriticalTrigger Reachable Dangerous Capabilitybin/imhcode.js
CriticalPrevious Version Dangerous Deltabin/imhcode.js
HighEntrypoint Build Divergencebin/imhcode.js
HighShips High Entropy Blobskills/theme-factory/theme-showcase.pdf
HighPayload In Excluded Dirskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumDynamic Requirebin/imhcode.js
MediumNetwork
MediumShips Build Helperskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/graphify/skill-windows.md
MediumSecret Patternskills/graphify/skill-trae.md
MediumSecret Patternskills/graphify/skill-pi.md
MediumSecret Patternskills/graphify/skill-codex.md
MediumSecret Patternskills/graphify/skill-kiro.md
MediumSecret Patternskills/graphify/skill-copilot.md
MediumSecret Patternskills/graphify/skill-opencode.md
MediumSecret Patternskills/graphify/skill-aider.md
MediumSecret Patternskills/graphify/skill-claw.md
MediumSecret Patternskills/graphify/skill-droid.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
LowScripts Present
LowEvalskills/typeui-main/src/prompts/designSystem.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings