AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface in the inspected wrapper package. The runtime behavior is a user-invoked launcher for allowlisted platform packages, with no install-time execution.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the `juggernaut` CLI.
Impact
Executes the package-selected native CLI with inherited environment; no source-confirmed exfiltration or persistence in this package.
Mechanism
allowlisted platform binary launcher
Rationale
The suspicious primitives are package-aligned launcher behavior: the package has no lifecycle hooks, no source-level network code, and no install-time mutation of Claude/Codex/Cursor/MCP control surfaces. Documented Claude configuration appears user-invoked via the delegated CLI, not delivered automatically by this npm wrapper.
Evidence
package.jsonindex.jsREADME.md
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- README documents user-invoked `juggernaut apply` can write Claude settings and shell activation, but this package source does not implement lifecycle delivery.
Evidence against
- package.json has no preinstall/install/postinstall hooks and only exposes bin `juggernaut` -> `./index.js`.
- index.js executes only under `require.main === module`; importing exports helper functions only.
- index.js allowlists platform optional package names and validates binary realpath stays under package directory before spawn.
- child_process.spawnSync runs a package-owned platform binary with `shell:false` and forwards sanitized CLI args.
- No source writes files, harvests credentials, registers MCP/agent surfaces at install time, or performs network calls.
- Scanner runtime install hint is from an error message suggesting `npm install -g`, not an executed package manager command.
Behavioral surface
ChildProcessEnvironmentVarsFilesystem
UrlStrings
Source & flagged code
2 flagged · loading sourceindex.jsView file
4var path = require("path");
L5: var childProcess = require("node:child_process");
L6: var fs = require("fs");
High
index.js#virtual:normalized:round1View file
153process.stderr.write(
L154: "juggernaut-bedrock is in a broken or partially-updated state (launcher v" + rootVersion + ", binary v" + binVersion + ").\nThis usually happens when the package was updated while ...
L155: );
...
L158: var args = safeForwardArgs(process.argv.slice(2));
L159: var result = child_process.spawnSync(bin, args, {
L160: stdio: "inherit",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
index.js#virtual:normalized:round1View on unpkg · L153Findings
2 High1 Medium3 Low
HighChild Processindex.js
HighRuntime Package Installindex.js#virtual:normalized:round1
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings