registry  /  nstantkit  /  0.1.11

nstantkit@0.1.11

Add production-grade features to your app in one command — login, payments, AI chat and more, with AI skills included.

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a scaffolding CLI that writes app modules, skill docs, AGENTS.md, env templates, and can run dependency installation only after user-invoked commands.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs nstantkit/fastkit CLI commands such as login, init, or add.
Impact
Creates or modifies target project files and may install dependencies; no unconsented exfiltration or lifecycle execution confirmed.
Mechanism
user-invoked project scaffolding and module installation
Rationale
Scanner hits map to expected scaffolding, payments/auth/email/AI integrations, and user-invoked dependency installation rather than stealthy install-time behavior or exfiltration. The AGENTS/skill writes are explicit product functionality and no concrete malicious endpoint or payload was found.
Evidence
package.jsondist/index.jsfastkit.settings.jsontemplate/AGENTS.mdregistry/modules/auth/files/server/routes/auth.tsregistry/modules/ai-chat/files/server/lib/ai/tools.tsregistry/modules/billing-flitt/files/server/lib/billing/flitt.ts.env.env.exampleAGENTS.md.fastkit/installed.json.fastkit/<module>.mdskills/<module>/SKILL.md~/.fastkit/auth.json
Network endpoints6
oauth2.googleapis.com/tokeninfoapi.openai.com/v1/chat/completionsapi.anthropic.com/v1/messagesapi.stripe.com/v1pay.flitt.com/apiapi.resend.com/emails

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/index.js user-invoked add/init writes project files and AGENTS.md, copies skills, and may run pnpm/npm install.
  • fastkit.settings.json contains embedded license account credentials used for local CLI authorization.
  • registry/modules/ai-chat/files/server/lib/ai/tools.ts includes an http_get tool that can fetch public HTTPS URLs.
Evidence against
  • package.json has no lifecycle scripts; bin points only to dist/index.js CLI.
  • dist/index.js requires explicit login plus init/add commands before filesystem writes or installs occur.
  • Network endpoints found are package-aligned: Stripe, Flitt, Resend, Google OAuth, OpenAI, Anthropic, and user-supplied public HTTPS for ai-chat.
  • registry/modules/auth/files/server/routes/auth.ts sends emails to app users and verifies Google tokens; no credential/env exfiltration to attacker endpoint found.
  • AGENTS.md and skills writes are disclosed scaffolding behavior for the CLI, not install-time or import-time mutation.
  • No obfuscated payload, persistence, destructive behavior, dependency confusion, or lifecycle execution found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 134 file(s), 713 KB of source, external domains: accounts.google.com, api.anthropic.com, api.openai.com, api.resend.com, api.stripe.com, oauth2.googleapis.com, pay.flitt.com, www.w3.org

Source & flagged code

4 flagged · loading source
dist/index.jsView file
2427import { cpSync, existsSync as existsSync2, mkdirSync, readFileSync as readFileSync2, writeFileSync, copyFileSync } from "fs"; L2428: import { execSync } from "child_process"; L2429: import path2 from "path";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L2427
6620console.log(import_picocolors.default.dim(" Installing dependencies (pnpm install)\u2026")); L6621: execSync("pnpm install", { cwd: target, stdio: "inherit" }); L6622: installed = true; ... L6634: console.log(import_picocolors.default.dim(` L6635: Then add features: npx fastkit add auth | billing | ai-chat | email | profile`)); L6636: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L6620
registry/modules/billing-flitt/files/server/lib/billing/flitt.tsView file
8* L9: * 1. POST the subscription order to https://pay.flitt.com/api/checkout/url L10: * 2. Redirect the customer to the returned checkout_url ... L27: export function flittConfigured(): boolean { L28: return process.env.FLITT_DISABLED !== '1'; L29: } ... L104: L105: async function flittPost(path: string, body: Record<string, unknown>): Promise<FlittResponse> { L106: const res = await fetch(`${FLITT_BASE}${path}`, { ... L111: }); L112: const data = (await res.json().catch(() => ({}))) as { response?: FlittResponse }; L113: return data?.response ?? (data as FlittResponse);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

registry/modules/billing-flitt/files/server/lib/billing/flitt.tsView on unpkg · L8
registry/modules/auth/files/server/routes/auth.tsView file
32function appUrl(): string { L33: return process.env.APP_URL || 'http://localhost:5173'; L34: } ... L102: // ---------- Register ---------- L103: router.post('/register', async (req, res) => { L104: const { email, password, name } = req.body ?? {}; L105: if (typeof email !== 'string' || !/^\S+@\S+\.\S+$/.test(email)) return res.status(400).json({ error: 'Valid email required' }); L106: if (typeof password !== 'string' || password.length < 8) return res.status(400).json({ error: 'Password must be at least 8 characters' });
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

registry/modules/auth/files/server/routes/auth.tsView on unpkg · L32

Findings

1 Critical3 High3 Medium6 Low
CriticalCredential Exfiltrationregistry/modules/auth/files/server/routes/auth.ts
HighChild Processdist/index.js
HighShell
HighRuntime Package Installdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptoregistry/modules/billing-flitt/files/server/lib/billing/flitt.ts
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License