registry  /  incanto  /  0.8.0

incanto@0.8.0

Vibe-coding-first web game engine SDK — JSON-driven scenes on three.js

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `incanto-skills` (for example through npx).
Impact
Changes agent guidance available in the caller project; no automatic installation, exfiltration, or remote payload execution was found.
Mechanism
Copies first-party skill files into a selected AI-agent configuration path.
Rationale
The package is not malicious by source inspection, but policy requires a warning for explicit first-party AI-agent skill installation. The remaining dynamic imports and network references are package-aligned game-engine functionality.
Evidence
package.jsonbin/incanto-skills.mjsbin/incanto-editor.mjsbin/incanto-assets.mjsbin/incanto-env.mjsdist/index.jsskills/incanto-*.md.claude/skills/<skill-name>/SKILL.md.claude/skills/incanto-skills.json

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/incanto-skills.mjs` explicitly copies package skills into `.claude/skills` by default.
  • The same command writes `incanto-skills.json` in the selected project output.
  • This agent-surface mutation is user-invoked via the `incanto-skills` bin, not install-time.
Evidence against
  • `package.json` defines no preinstall, install, postinstall, or prepare lifecycle hook.
  • Reviewed CLI files show no credential harvesting, shell execution, eval/vm use, or destructive filesystem actions.
  • `bin/incanto-editor.mjs` binds to loopback by default and bounds scene-file writes to project `*.scene.json` paths.
  • Network code is game-asset preloading and an optional Agent8 transport, not package telemetry or exfiltration.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
Manifest
NoLicense
scanned 46 file(s), 4.17 MB of source, external domains: agent8-games.verse8.io, github.com, hacksoflife.blogspot.ch, jcgt.org, verse8-game-backend-kr-609824224664.asia-northeast3.run.app, vrm.dev, www.w3.org
Oversized source lightweight scan
editor/assets/rapier-DE6a0vmv.js2.13 MB file, sampled 256 KB
NetworkMinified

Source & flagged code

3 flagged · loading source
bin/incanto-assets.mjsView file
84if (entry.animation) { L85: const { spriteFromLibraryMeta } = await import( L86: pathToFileURL(join(PKG, 'dist', '2d.js')).href
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/incanto-assets.mjsView on unpkg · L84
assets/audio/attacked.mp3View file
path = assets/audio/attacked.mp3 kind = high_entropy_blob sizeBytes = 8757 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/audio/attacked.mp3View on unpkg
editor/assets/rapier-DE6a0vmv.jsView file
path = editor/assets/rapier-DE6a0vmv.js kind = oversized_source_file sizeBytes = 2236503 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

editor/assets/rapier-DE6a0vmv.jsView on unpkg

Findings

2 High4 Medium5 Low
HighShips High Entropy Blobassets/audio/attacked.mp3
HighOversized Source Fileeditor/assets/rapier-DE6a0vmv.js
MediumDynamic Requirebin/incanto-assets.mjs
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License