registry  /  plasalid  /  0.10.0

plasalid@0.10.0

Plasalid — The Harness Layer for Personal Finance

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `plasalid setup` or `plasalid agent-setup`, optionally with `--codex` or `--global`.
Impact
Can influence participating agent CLIs through user-requested local configuration changes.
Mechanism
Explicit agent configuration and skill-pack file writes.
Rationale
This is not malicious, but explicit AI-agent configuration mutation warrants a warning under the firewall policy. The inspected source establishes no concrete exfiltration or payload-execution chain.
Evidence
package.jsondist/cli/commands/setup.jsdist/cli/commands/agent-setup.jsdist/setup/install.jsdist/agent-setup/install.jsdist/config.js./.claude/skills/plasalid/SKILL.md./.claude/skills/plasalid/references/commands.md./.claude/skills/plasalid/references/schemas.md./.claude/skills/plasalid/references/taxonomy.md./.claude/skills/plasalid/VERSION./AGENTS.md~/.claude/skills/plasalid/SKILL.md

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli/commands/setup.js` exposes an explicit `setup` command that installs agent integrations.
  • `dist/setup/install.js` writes Claude skill files and can append/replace a marked block in `AGENTS.md`.
  • `dist/cli/commands/agent-setup.js` similarly exposes explicit `agent-setup --codex/--global` mutation.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
  • No outbound-network imports, fetch calls, shell execution, eval, or VM execution found in `dist/**/*.js`.
  • `dist/setup/install.js` is activated only by an explicit CLI command, not module import or package installation.
  • `dist/config.js` uses environment variables only for local configuration and stores files with restrictive permissions.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 58 file(s), 391 KB of source

Source & flagged code

3 flagged · loading source
dist/cli/commands/setup.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli/commands/setup.js` exposes an explicit `setup` command that installs agent integrations.

dist/cli/commands/setup.jsView on unpkg
dist/setup/install.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/setup/install.js` writes Claude skill files and can append/replace a marked block in `AGENTS.md`.

dist/setup/install.jsView on unpkg
dist/cli/commands/agent-setup.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli/commands/agent-setup.js` similarly exposes explicit `agent-setup --codex/--global` mutation.

dist/cli/commands/agent-setup.jsView on unpkg

Findings

4 Medium5 Low
MediumEnvironment Vars
MediumAi Review Evidencedist/cli/commands/setup.js
MediumAi Review Evidencedist/setup/install.js
MediumAi Review Evidencedist/cli/commands/agent-setup.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License