registry  /  marigold-draft  /  0.1.0

marigold-draft@0.1.0

Local Marigold review loop for agent-authored HTML/SVG drafts — comment in the browser, feedback flows straight back to your coding agent.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface found. The package is a user-invoked local HTML/SVG review CLI with a localhost server and optional agent setup commands.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs marigold-draft/marigold-local commands
Impact
Can read/update user-selected draft files and write package-specific local state when invoked; no install-time execution or exfiltration found.
Mechanism
local review server, sidecar comment files, optional Claude/MCP setup
Rationale
Static inspection found no npm install hook, credential harvesting, remote endpoint, or unconsented lifecycle mutation; risky primitives are tied to explicit CLI actions and localhost review/MCP workflows. Optional Claude skill/MCP writes are under an agent-setup command rather than automatic install/import behavior, so they do not meet the block policy.
Evidence
package.jsondist/cli.cjs~/.marigold-local/server.json~/.marigold-local/docs.json<draft>.marigold.json~/.claude/skills/marigold-draft/SKILL.mdClaude/claude_desktop_config.json
Network endpoints2
127.0.0.1:<port>localhost:<port>

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall/prepare hook; only prepublishOnly build script
    • bin points to dist/cli.cjs for explicit CLI use
    • network use is localhost-only 127.0.0.1/local server API
    • child_process starts its own CLI server or opens browser on user command
    • file writes are local state, selected draft/sidecar files, or explicit agent setup
    • Claude/MCP config writes are in agent-setup code, not lifecycle-triggered
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 1.23 MB of source, external domains: 127.0.0.1, dom.spec.whatwg.org, github.com, html.spec.whatwg.org, html5sec.org, json-schema.org, mathiasbynens.be, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

    Source & flagged code

    2 flagged · loading source
    dist/cli.cjsView file
    4102patternName = generic_password severity = medium line = 4102 matchedText = password...d]",
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/cli.cjsView on unpkg · L4102
    22156sourceCode = this.opts.code.process(sourceCode, sch); L22157: const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode); L22158: const validate = makeValidate(this, this.scope.get());
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/cli.cjsView on unpkg · L22156

    Findings

    3 Medium6 Low
    MediumSecret Patterndist/cli.cjs
    MediumNetwork
    MediumEnvironment Vars
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowEvaldist/cli.cjs
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings