registry  /  praxisjs  /  1.0.0

praxisjs@1.0.0

CLI for maintaining existing PraxisJS projects

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is present. An explicit `praxisjs ai add` command can install first-party AI-agent configuration, including a Claude MCP command that later resolves `@praxisjs/mcp` through npx.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `praxisjs ai add` and selects Claude Code or Codex.
Impact
Changes the selected project's AI-agent extension surface; the Claude configuration can later execute the separately resolved `@praxisjs/mcp` package.
Mechanism
Interactive project-local AI skill and MCP configuration installation.
Rationale
Source inspection found explicit user-command AI-agent configuration and no malicious install-time or exfiltration chain. Warn because the package provisions a first-party MCP/skill integration that expands an AI-agent control surface.
Evidence
package.jsondist/index.mjsdist/lib.mjsplugins/claude-skill/dot-claude/settings.jsonplugins/codex-skill/AGENTS.md.claude/skills/praxisjs.claude/settings.json.agents/skills/praxisjsAGENTS.md
Network endpoints1
registry.npmjs.org/<package>/latest

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.mjs` runs only through the `praxisjs` CLI.
  • `praxisjs ai add` interactively selects an AI integration and copies project files.
  • Claude setup writes `.claude/settings.json` that invokes `npx -y @praxisjs/mcp`.
  • Codex setup installs a first-party skill under `.agents/skills/praxisjs`.
  • `upgrade` fetches only `https://registry.npmjs.org/<package>/latest` for `@praxisjs/*` dependencies.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • No credential, environment, home-directory, or SSH harvesting found.
  • No exfiltration endpoint, obfuscated payload, eval, dynamic loading, or shell execution found.
  • `execFileSync` is limited to the user-invoked `upgrade` package-manager install.
  • AI integration removal requires an explicit confirmation.
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 2 file(s), 14.7 KB of source, external domains: registry.npmjs.org

Source & flagged code

1 flagged · loading source
dist/index.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = praxisjs@0.1.0 matchedIdentity = npm:cHJheGlzanM:0.1.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.mjsView on unpkg

Findings

1 High1 Medium5 Low
HighPrevious Version Dangerous Deltadist/index.mjs
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License