registry  /  imhcode  /  1.0.3

imhcode@1.0.3

IMH-Code — Imam Hussain Coding Harness Platform. A fast-first multi-agent AI coding framework with intelligent model routing. 19 generic role-based agents (planner, nextjs-executor, laravel-executor, etc.), configurable testing strategy, and 7 token-savin

AI Security Review

scanned 19m ago · by lpm-firewall-ai

No confirmed install-time malware was found, but the user-invoked CLI mutates broad AI-agent control surfaces and can launch local agents with disabled permission/sandbox flags. This is a dangerous agent platform capability rather than a silent npm lifecycle hijack.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs imhcode, imhcode execute/test, or imhcode agent run --live.
Impact
Can install package-supplied agent instructions/skills into home assistant directories and run generated tasks through local AI CLIs with reduced safeguards.
Mechanism
user-invoked global assistant config writes and privileged local agent CLI spawning
Attack narrative
Running the CLI initializer copies package-controlled instructions and skills into several home-directory assistant configs and installs command shims/PATH edits. Later execute/test flows run generated shell scripts that call live AI CLIs, including adapters that disable OpenCode/Codex permissions or sandboxing. Because this is explicit CLI use and not an npm lifecycle hook, it is not a publish-blocking control-surface hijack, but it is real agent-facing risk.
Rationale
Static inspection found no install-time execution or exfiltration, but did confirm user-invoked writes to broad assistant control surfaces and live agent execution with bypass flags. This warrants a warning rather than a block under the provided policy.
Evidence
package.jsonbin/imhcode.jssrc/orchestrator/executor.tsdist/orchestrator/executor.js~/.imhcode/~/.claude/CLAUDE.md~/.claude/AGENTS.md~/.claude/skills/~/.gemini/CLAUDE.md~/.gemini/AGENTS.md~/.gemini/skills/~/.copilot/CLAUDE.md~/.copilot/AGENTS.md~/.copilot/skills/~/.local/bin/imhcode~/.zshrc~/.bashrc~/.bash_profile~/.profiledocs/
Network endpoints3
github.com/goharabbas321/imhcode.gitgithub.com/goharabbas321/imhcode#readmegithub.com/goharabbas321/imhcode/issues

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/imhcode.js default init copies package CLAUDE.md, AGENTS.md, and full skills/ into ~/.claude, ~/.gemini, and ~/.copilot.
  • bin/imhcode.js overwrites ~/.imhcode agents/skills/docs and installs shims in ~/.imhcode/bin and ~/.local/bin, with shell rc PATH edits.
  • bin/imhcode.js ensureCavemanAndGraphify may run npm install -g skills and npx skills add juliusbrussee/caveman during init.
  • src/orchestrator/executor.ts live adapters spawn local AI CLIs; OpenCode uses --dangerously-skip-permissions and Codex uses --dangerously-bypass-approvals-and-sandbox.
  • Generated sprint scripts execute imhcode agent run ... --live via shell when user runs imhcode execute/test.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks, so behavior is not npm-install triggered.
  • The broad writes are reached by the user-invoked imhcode initializer, not import-time execution.
  • No credential harvesting, secret scanning, or data exfiltration path was found in inspected entrypoints.
  • Network activity is package-aligned tooling/model setup or bundled skill utilities, not silent exfiltration.
  • Shell execution primarily runs generated project sprint/test scripts or selected local AI CLIs after explicit CLI commands.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 57 file(s), 415 KB of source, external domains: api.github.com, example.com, fonts.google.com, github.com, raw.githubusercontent.com, www.typeui.sh

Source & flagged code

22 flagged · loading source
skills/typeui-main/src/prompts/designSystem.tsView file
18async function loadInquirer(): Promise<InquirerModule["default"]> { L19: const dynamicImport = new Function( L20: "specifier",
Low
Eval

Package source references a known benign dynamic code generation pattern.

skills/typeui-main/src/prompts/designSystem.tsView on unpkg · L18
bin/imhcode.jsView file
24const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L482: # 3. Run development server L483: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L484: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

bin/imhcode.jsView on unpkg · L24
24Trigger-reachable chain: manifest.bin -> bin/imhcode.js L24: const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L482: # 3. Run development server L483: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L484: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

bin/imhcode.jsView on unpkg · L24
matchType = previous_version_dangerous_delta matchedPackage = imhcode@1.0.0 matchedIdentity = npm:aW1oY29kZQ:1.0.0 similarity = 0.982 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/imhcode.jsView on unpkg
24Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: sensitive-file+network, execution+network L24: const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L482: # 3. Run development server L483: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L484: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/imhcode.jsView on unpkg · L24
22L23: const fs = require('fs'); L24: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/imhcode.jsView on unpkg · L22
skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView file
path = skills/ui-ux-pro-max/.[redacted].py kind = payload_in_excluded_dir sizeBytes = 19430 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
path = skills/ui-ux-pro-max/.[redacted].py kind = build_helper sizeBytes = 19430 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
skills/theme-factory/theme-showcase.pdfView file
path = skills/theme-factory/theme-showcase.pdf kind = high_entropy_blob sizeBytes = 124310 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/theme-factory/theme-showcase.pdfView on unpkg
skills/graphify/skill-windows.mdView file
681patternName = generic_password severity = medium line = 681 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-windows.md

skills/graphify/skill-windows.mdView on unpkg · L681
skills/graphify/skill-trae.mdView file
592patternName = generic_password severity = medium line = 592 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-trae.md

skills/graphify/skill-trae.mdView on unpkg · L592
skills/graphify/skill-pi.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-pi.md

skills/graphify/skill-pi.mdView on unpkg · L543
skills/graphify/skill-codex.mdView file
605patternName = generic_password severity = medium line = 605 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-codex.md

skills/graphify/skill-codex.mdView on unpkg · L605
skills/graphify/skill-kiro.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-kiro.md

skills/graphify/skill-kiro.mdView on unpkg · L543
skills/graphify/skill-copilot.mdView file
603patternName = generic_password severity = medium line = 603 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-copilot.md

skills/graphify/skill-copilot.mdView on unpkg · L603
skills/graphify/skill-opencode.mdView file
655patternName = generic_password severity = medium line = 655 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-opencode.md

skills/graphify/skill-opencode.mdView on unpkg · L655
skills/graphify/skill-aider.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-aider.md

skills/graphify/skill-aider.mdView on unpkg · L544
skills/graphify/skill-claw.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-claw.md

skills/graphify/skill-claw.mdView on unpkg · L544
skills/graphify/skill-droid.mdView file
600patternName = generic_password severity = medium line = 600 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-droid.md

skills/graphify/skill-droid.mdView on unpkg · L600
skills/django-tdd/SKILL.mdView file
25patternName = generic_password severity = medium line = 25 matchedText = user = U...23')
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L25
117patternName = generic_password severity = medium line = 117 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L117
126patternName = generic_password severity = medium line = 126 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L126

Findings

3 Critical3 High17 Medium5 Low
CriticalPersistence Backdoorbin/imhcode.js
CriticalTrigger Reachable Dangerous Capabilitybin/imhcode.js
CriticalPrevious Version Dangerous Deltabin/imhcode.js
HighEntrypoint Build Divergencebin/imhcode.js
HighShips High Entropy Blobskills/theme-factory/theme-showcase.pdf
HighPayload In Excluded Dirskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumDynamic Requirebin/imhcode.js
MediumNetwork
MediumShips Build Helperskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/graphify/skill-windows.md
MediumSecret Patternskills/graphify/skill-trae.md
MediumSecret Patternskills/graphify/skill-pi.md
MediumSecret Patternskills/graphify/skill-codex.md
MediumSecret Patternskills/graphify/skill-kiro.md
MediumSecret Patternskills/graphify/skill-copilot.md
MediumSecret Patternskills/graphify/skill-opencode.md
MediumSecret Patternskills/graphify/skill-aider.md
MediumSecret Patternskills/graphify/skill-claw.md
MediumSecret Patternskills/graphify/skill-droid.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
LowScripts Present
LowEvalskills/typeui-main/src/prompts/designSystem.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings