registry  /  notecraftapp  /  0.2.4

notecraftapp@0.2.4

由 AI 生成視覺化與動態互動元件、嵌入筆記的個人筆記 Web App。用 npx 一行指令在任何 md/mdx 資料夾啟動漂亮 UI。

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The unresolved risk is explicit user-command installation of first-party Claude Code skills/agents into a project .claude directory, plus package-aligned runtime setup under ~/.notecraft.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs notecraftapp init-skill, or runs the CLI from npx/global install for first-time setup.
Impact
May add or overwrite project .claude skill/agent files when requested; first run installs app dependencies in ~/.notecraft/app-0.2.4.
Mechanism
explicit agent extension setup and package-local dependency bootstrap
Rationale
Static inspection shows a real agent-extension lifecycle risk, but it is explicit and first-party rather than unconsented install-time mutation. Runtime child_process, npm install, local server, and file writes are aligned with the documented note viewer/generator workflow and lack exfiltration or remote-code behavior.
Evidence
package.jsonbin/notecraftapp.mjssrc/dev-api/handlers.mjsastro.config.mjssrc/components/islands/PagefindSearch.tsxskill-template/.claude/skills/content-visualize/SKILL.mdskill-template/.claude/agents/component-generator.md~/.notecraft/app-0.2.4/**~/.notecraft/cache/<hash>/**<targetRoot>/.claude/**<notesRoot>/**/*.md<notesRoot>/**/*.mdx<userCwd>/.notecraft/components/*.tsx<userCwd>/.notecraft/*.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/notecraftapp.mjs defines explicit init-skill command that copies packaged skill-template/.claude into targetRoot/.claude.
  • bin/notecraftapp.mjs init-skill supports --force and can overwrite conflicting .claude skill/agent files after user command.
  • Packaged skill-template includes Claude Code skills and agents that can write generated components/MDX when later invoked.
  • bin/notecraftapp.mjs first runtime copies package to ~/.notecraft/app-0.2.4 and runs npm install there.
Evidence against
  • package.json has no preinstall/install/postinstall hook; only prepublishOnly runs sync-skill for publisher workflow.
  • AI-agent .claude mutation is behind explicit notecraftapp init-skill, not unconsented install-time execution.
  • bin/notecraftapp.mjs runtime npm install is package-aligned dependency setup in ~/.notecraft/app-<version>.
  • src/dev-api/handlers.mjs restricts API/assets to localhost and uses path containment checks for note file operations.
  • skill-template scanner search found no curl/wget/fetch/process.env/child_process/eval patterns.
  • skill-template/.claude/skills/trendlink-design/.thumbnail is a WebP image, not executable code.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 242 KB of source, external domains: 127.0.0.1

Source & flagged code

7 flagged · loading source
bin/notecraftapp.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = notecraftapp@0.1.1 matchedIdentity = npm:bm90ZWNyYWZ0YXBw:0.1.1 similarity = 0.882 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/notecraftapp.mjsView on unpkg
9import { defineCommand, runMain } from "citty"; L10: import { spawn, spawnSync } from "node:child_process"; L11: import { createServer } from "node:http";
High
Child Process

Package source references child process execution.

bin/notecraftapp.mjsView on unpkg · L9
67console.log(`[notecraftapp] 安裝相依(npm install)…`); L68: const install = spawnSync("npm", ["install", "--omit=dev", "--no-audit", "--no-fund"], { L69: cwd: stableAppRoot, ... L72: if (install.status !== 0) { L73: console.error("[notecraftapp] npm install 失敗"); L74: process.exit(install.status ?? 1);
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/notecraftapp.mjsView on unpkg · L67
9import { defineCommand, runMain } from "citty"; L10: import { spawn, spawnSync } from "node:child_process"; L11: import { createServer } from "node:http"; L12: import { promises as fs, existsSync, readFileSync, statSync } from "node:fs"; ... L22: const packageRoot = path.resolve(path.dirname(__filename), ".."); L23: const pkgJson = JSON.parse(readFileSync(path.join(packageRoot, "package.json"), "utf-8")); L24: ... L34: L35: const stableAppRoot = path.join(os.homedir(), ".notecraft", `app-${pkgJson.version}`); L36: L37: function isDevSource() { L38: if (process.env.NOTECRAFTAPP_DEV === "1") return true;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/notecraftapp.mjsView on unpkg · L9
src/components/islands/PagefindSearch.tsxView file
29const url = "/pagefind/" + "pagefind.js"; L30: const mod = await import(/* @vite-ignore */ url); L31: if (cancelled) return;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/components/islands/PagefindSearch.tsxView on unpkg · L29
skill-template/.claude/skills/trendlink-design/.thumbnailView file
path = sk[redacted]/.claude/skills/trendlink-design/.thumbnail kind = high_entropy_blob sizeBytes = 5176 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skill-template/.claude/skills/trendlink-design/.thumbnailView on unpkg
path = sk[redacted]/.claude/skills/trendlink-design/.thumbnail kind = payload_in_excluded_dir sizeBytes = 5176 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skill-template/.claude/skills/trendlink-design/.thumbnailView on unpkg

Findings

1 Critical5 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltabin/notecraftapp.mjs
HighChild Processbin/notecraftapp.mjs
HighShell
HighRuntime Package Installbin/notecraftapp.mjs
HighShips High Entropy Blobskill-template/.claude/skills/trendlink-design/.thumbnail
HighPayload In Excluded Dirskill-template/.claude/skills/trendlink-design/.thumbnail
MediumDynamic Requiresrc/components/islands/PagefindSearch.tsx
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptobin/notecraftapp.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings