AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface found. The package is a user-invoked local HTML/SVG review CLI with a localhost server and optional agent setup commands.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs marigold-draft/marigold-local commands
Impact
Can read/update user-selected draft files and write package-specific local state when invoked; no install-time execution or exfiltration found.
Mechanism
local review server, sidecar comment files, optional Claude/MCP setup
Rationale
Static inspection found no npm install hook, credential harvesting, remote endpoint, or unconsented lifecycle mutation; risky primitives are tied to explicit CLI actions and localhost review/MCP workflows. Optional Claude skill/MCP writes are under an agent-setup command rather than automatic install/import behavior, so they do not meet the block policy.
Evidence
package.jsondist/cli.cjs~/.marigold-local/server.json~/.marigold-local/docs.json<draft>.marigold.json~/.claude/skills/marigold-draft/SKILL.mdClaude/claude_desktop_config.json
Network endpoints2
127.0.0.1:<port>localhost:<port>
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/postinstall/prepare hook; only prepublishOnly build script
- bin points to dist/cli.cjs for explicit CLI use
- network use is localhost-only 127.0.0.1/local server API
- child_process starts its own CLI server or opens browser on user command
- file writes are local state, selected draft/sidecar files, or explicit agent setup
- Claude/MCP config writes are in agent-setup code, not lifecycle-triggered
Behavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/cli.cjsView file
4102patternName = generic_password
severity = medium
line = 4102
matchedText = password...d]",
Medium
22156sourceCode = this.opts.code.process(sourceCode, sch);
L22157: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
L22158: const validate = makeValidate(this, this.scope.get());
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/cli.cjsView on unpkg · L22156Findings
3 Medium6 Low
MediumSecret Patterndist/cli.cjs
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/cli.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings