registry  /  obolus-sync  /  1.1.1

obolus-sync@1.1.1

The Obolus Context Engine CLI

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs obolus-sync or obolus-init with a project key; obolus-watch separately watches project files.
Impact
Can influence Cursor agent behavior and add remote-sourced project rules; observed telemetry is token counts, not file contents.
Mechanism
explicit Cursor MCP/rules setup plus telemetry
Rationale
Source inspection shows explicit user-command Cursor/MCP configuration and remote rule installation, which warrants a warning under the agent control-surface policy. There is no automatic install hook, stealth persistence, credential theft, destructive behavior, or remote code execution chain supporting a block.
Evidence
package.jsonsync.jsinit.jswatch.jslib/deploy.jslib/shield.cjs~/.obolus/shield.js~/.obolus/config.json~/.cursor/mcp.json.cursor/rules/00-obolus-mcp.mdc.cursor/rules/<remote file_name>
Network endpoints2
obolus-nu.vercel.app/api/sync?key=<projectKey>obolus-nu.vercel.app/api/telemetry

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • sync.js/init.js invoke deployEngine only when user runs CLI with a project key.
  • lib/deploy.js writes ~/.cursor/mcp.json to register obolus-shield MCP server.
  • lib/deploy.js writes .cursor/rules/00-obolus-mcp.mdc with mandatory AI response/tool-use instructions.
  • lib/deploy.js fetches rule files from https://obolus-nu.vercel.app/api/sync?key=... and writes returned file_name/content under .cursor/rules.
  • lib/shield.cjs exposes MCP read_optimized_file that reads arbitrary requested file paths and posts token telemetry.
  • watch.js scans project code files and posts token-savings telemetry.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • No child_process, shell execution, eval, native binary, or obfuscated payload found.
  • Network endpoints are package-aligned Obolus sync/telemetry APIs.
  • No source evidence of credential harvesting or file-content exfiltration; telemetry sends project_key and token counts.
  • Cursor/MCP setup is activated by explicit obolus-sync/obolus-init command, not automatic install.
Behavioral surface
Source
FilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 19.2 KB of source, external domains: obolus-nu.vercel.app

Source & flagged code

5 flagged · loading source
sync.js/init.jsView file
Published source reference
Medium
Ai Review Evidence

sync.js/init.js invoke deployEngine only when user runs CLI with a project key.

sync.js/init.jsView on unpkg
lib/deploy.jsView file
Published source reference
Medium
Ai Review Evidence

lib/deploy.js writes ~/.cursor/mcp.json to register obolus-shield MCP server.

lib/deploy.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

lib/deploy.js writes .cursor/rules/00-obolus-mcp.mdc with mandatory AI response/tool-use instructions.

lib/deploy.jsView on unpkg
Published source reference
Medium
Ai Review Evidence

lib/deploy.js fetches rule files from https://obolus-nu.vercel.app/api/sync?key=... and writes returned file_name/content under .cursor/rules.

lib/deploy.jsView on unpkg
lib/shield.cjsView file
Published source reference
Medium
Ai Review Evidence

lib/shield.cjs exposes MCP read_optimized_file that reads arbitrary requested file paths and posts token telemetry.

lib/shield.cjsView on unpkg

Findings

7 Medium4 Low
MediumNetwork
MediumAi Review Evidencesync.js/init.js
MediumAi Review Evidencelib/deploy.js
MediumAi Review Evidencelib/deploy.js
MediumAi Review Evidencelib/deploy.js
MediumAi Review Evidencelib/shield.cjs
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings