AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is present. An explicit `praxisjs ai add` command can install first-party AI-agent configuration, including a Claude MCP command that later resolves `@praxisjs/mcp` through npx.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `praxisjs ai add` and selects Claude Code or Codex.
Impact
Changes the selected project's AI-agent extension surface; the Claude configuration can later execute the separately resolved `@praxisjs/mcp` package.
Mechanism
Interactive project-local AI skill and MCP configuration installation.
Rationale
Source inspection found explicit user-command AI-agent configuration and no malicious install-time or exfiltration chain. Warn because the package provisions a first-party MCP/skill integration that expands an AI-agent control surface.
Evidence
package.jsondist/index.mjsdist/lib.mjsplugins/claude-skill/dot-claude/settings.jsonplugins/codex-skill/AGENTS.md.claude/skills/praxisjs.claude/settings.json.agents/skills/praxisjsAGENTS.md
Network endpoints1
registry.npmjs.org/<package>/latest
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/index.mjs` runs only through the `praxisjs` CLI.
- `praxisjs ai add` interactively selects an AI integration and copies project files.
- Claude setup writes `.claude/settings.json` that invokes `npx -y @praxisjs/mcp`.
- Codex setup installs a first-party skill under `.agents/skills/praxisjs`.
- `upgrade` fetches only `https://registry.npmjs.org/<package>/latest` for `@praxisjs/*` dependencies.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- No credential, environment, home-directory, or SSH harvesting found.
- No exfiltration endpoint, obfuscated payload, eval, dynamic loading, or shell execution found.
- `execFileSync` is limited to the user-invoked `upgrade` package-manager install.
- AI integration removal requires an explicit confirmation.
Behavioral surface
ChildProcessFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/index.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = praxisjs@0.1.0
matchedIdentity = npm:cHJheGlzanM:0.1.0
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.mjsView on unpkgFindings
1 High1 Medium5 Low
HighPrevious Version Dangerous Deltadist/index.mjs
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License