registry  /  imhcode  /  1.0.4

imhcode@1.0.4

IMH-Code — Imam Hussain Coding Harness Platform. A fast-first multi-agent AI coding framework with intelligent model routing. 19 generic role-based agents (planner, nextjs-executor, laravel-executor, etc.), configurable testing strategy, and 7 token-savin

AI Security Review

scanned 17m ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package CLI initializes by persistently rewriting global AI assistant control surfaces and shell startup configuration. It also installs external tooling and configures agent execution paths that can bypass permissions in supported CLIs.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs the imhcode binary with no subcommand
Impact
Package-supplied instructions and skills can affect future Claude/Gemini/Copilot sessions outside the current project, with PATH persistence and permission-bypass execution modes available for live agent runs.
Mechanism
Unprompted global assistant configuration and persistent shell/agent setup
Policy narrative
Running the package CLI without arguments performs initialization that overwrites global Claude, Gemini, and Copilot configuration files and skills with package-supplied agent instructions, removes existing skills directories, modifies shell startup PATH, and runs global npm/npx installation commands. This gives the package persistent influence over broad AI-agent control surfaces beyond a single project.
Rationale
Source inspection confirms unconsented persistent mutation of broad/foreign AI-agent control surfaces from the package entrypoint, plus shell persistence and dangerous permission-bypass agent execution modes. Although not an npm lifecycle hook and no data exfiltration was found, the global assistant-control overwrite is concrete blockable behavior under the firewall policy.
Evidence
package.jsonbin/imhcode.jsAGENTS.mdCLAUDE.mdsrc/orchestrator/executor.tsdist/orchestrator/executor.js~/.imhcode/~/.claude/CLAUDE.md~/.claude/AGENTS.md~/.claude/skills~/.gemini/CLAUDE.md~/.gemini/AGENTS.md~/.gemini/skills~/.copilot/CLAUDE.md~/.copilot/AGENTS.md~/.copilot/skills~/.local/bin/imhcode~/.zshrc~/.bashrc~/.bash_profile~/.profile

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • bin/imhcode.js default entry runs runInit() when no command is supplied
  • runInit() copies package CLAUDE.md, AGENTS.md, and skills/ into ~/.claude, ~/.gemini, and ~/.copilot
  • runInit() removes existing assistant skills directories before copying package skills
  • registerCliGlobally() writes shims to ~/.imhcode/bin and ~/.local/bin and appends PATH changes to shell rc files
  • ensureCavemanAndGraphify() runs npm install -g skills and npx skills add during init
  • src/dist executor adapters use opencode --dangerously-skip-permissions and codex --dangerously-bypass-approvals-and-sandbox for live runs
Evidence against
  • package.json has no npm lifecycle install hooks
  • No credential harvesting or exfiltration logic found in reviewed entrypoints
  • Network activity is mostly package-manager/CLI installation invoked from init
  • Primary behavior is an AI coding orchestration framework with bundled agents and skills
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 57 file(s), 423 KB of source, external domains: api.github.com, example.com, fonts.google.com, github.com, raw.githubusercontent.com, www.typeui.sh

Source & flagged code

22 flagged · loading source
skills/typeui-main/src/prompts/designSystem.tsView file
18async function loadInquirer(): Promise<InquirerModule["default"]> { L19: const dynamicImport = new Function( L20: "specifier",
Low
Eval

Package source references a known benign dynamic code generation pattern.

skills/typeui-main/src/prompts/designSystem.tsView on unpkg · L18
bin/imhcode.jsView file
24const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L483: # 3. Run development server L484: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L485: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

bin/imhcode.jsView on unpkg · L24
24Trigger-reachable chain: manifest.bin -> bin/imhcode.js L24: const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L483: # 3. Run development server L484: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L485: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

bin/imhcode.jsView on unpkg · L24
matchType = previous_version_dangerous_delta matchedPackage = imhcode@1.0.0 matchedIdentity = npm:aW1oY29kZQ:1.0.0 similarity = 0.982 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/imhcode.jsView on unpkg
24Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: sensitive-file+network, execution+network L24: const path = require('path'); L25: const { execSync, spawnSync } = require('child_process'); L26: const os = require('os'); ... L34: const CONFIG_FILE = 'imhcode.config.json'; L35: const GLOBAL_DIR = path.join(os.homedir(), '.imhcode'); L36: const LOCAL_DIR_NAME = '.imhcode'; ... L49: if (command === '--version' || command === '-v') { L50: const pkg = require(path.join(__dirname, '..', 'package.json')); L51: console.log(`${CLI_CMD} version: ${pkg.version}`); ... L483: # 3. Run development server L484: ${stack.includes('Next.js') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''} L485: ${stack.includes('Vue 3 / Nuxt 4') ? 'cd frontend && npm run dev # → http://localhost:3000' : ''}
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/imhcode.jsView on unpkg · L24
22L23: const fs = require('fs'); L24: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/imhcode.jsView on unpkg · L22
skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView file
path = skills/ui-ux-pro-max/.[redacted].py kind = payload_in_excluded_dir sizeBytes = 19430 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
path = skills/ui-ux-pro-max/.[redacted].py kind = build_helper sizeBytes = 19430 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.pyView on unpkg
skills/theme-factory/theme-showcase.pdfView file
path = skills/theme-factory/theme-showcase.pdf kind = high_entropy_blob sizeBytes = 124310 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/theme-factory/theme-showcase.pdfView on unpkg
skills/graphify/skill-windows.mdView file
681patternName = generic_password severity = medium line = 681 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-windows.md

skills/graphify/skill-windows.mdView on unpkg · L681
skills/graphify/skill-trae.mdView file
592patternName = generic_password severity = medium line = 592 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-trae.md

skills/graphify/skill-trae.mdView on unpkg · L592
skills/graphify/skill-pi.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-pi.md

skills/graphify/skill-pi.mdView on unpkg · L543
skills/graphify/skill-codex.mdView file
605patternName = generic_password severity = medium line = 605 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-codex.md

skills/graphify/skill-codex.mdView on unpkg · L605
skills/graphify/skill-kiro.mdView file
543patternName = generic_password severity = medium line = 543 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-kiro.md

skills/graphify/skill-kiro.mdView on unpkg · L543
skills/graphify/skill-copilot.mdView file
603patternName = generic_password severity = medium line = 603 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-copilot.md

skills/graphify/skill-copilot.mdView on unpkg · L603
skills/graphify/skill-opencode.mdView file
655patternName = generic_password severity = medium line = 655 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-opencode.md

skills/graphify/skill-opencode.mdView on unpkg · L655
skills/graphify/skill-aider.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-aider.md

skills/graphify/skill-aider.mdView on unpkg · L544
skills/graphify/skill-claw.mdView file
544patternName = generic_password severity = medium line = 544 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-claw.md

skills/graphify/skill-claw.mdView on unpkg · L544
skills/graphify/skill-droid.mdView file
600patternName = generic_password severity = medium line = 600 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in skills/graphify/skill-droid.md

skills/graphify/skill-droid.mdView on unpkg · L600
skills/django-tdd/SKILL.mdView file
25patternName = generic_password severity = medium line = 25 matchedText = user = U...23')
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L25
117patternName = generic_password severity = medium line = 117 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L117
126patternName = generic_password severity = medium line = 126 matchedText = password...23',
Medium
Secret Pattern

Hardcoded password in skills/django-tdd/SKILL.md

skills/django-tdd/SKILL.mdView on unpkg · L126

Findings

3 Critical3 High17 Medium5 Low
CriticalPersistence Backdoorbin/imhcode.js
CriticalTrigger Reachable Dangerous Capabilitybin/imhcode.js
CriticalPrevious Version Dangerous Deltabin/imhcode.js
HighEntrypoint Build Divergencebin/imhcode.js
HighShips High Entropy Blobskills/theme-factory/theme-showcase.pdf
HighPayload In Excluded Dirskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumDynamic Requirebin/imhcode.js
MediumNetwork
MediumShips Build Helperskills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/graphify/skill-windows.md
MediumSecret Patternskills/graphify/skill-trae.md
MediumSecret Patternskills/graphify/skill-pi.md
MediumSecret Patternskills/graphify/skill-codex.md
MediumSecret Patternskills/graphify/skill-kiro.md
MediumSecret Patternskills/graphify/skill-copilot.md
MediumSecret Patternskills/graphify/skill-opencode.md
MediumSecret Patternskills/graphify/skill-aider.md
MediumSecret Patternskills/graphify/skill-claw.md
MediumSecret Patternskills/graphify/skill-droid.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
MediumSecret Patternskills/django-tdd/SKILL.md
LowScripts Present
LowEvalskills/typeui-main/src/prompts/designSystem.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings