registry  /  projectops  /  4.0.4

projectops@4.0.4

ProjectOps — 완전 자동화 GitHub 프로젝트 관리 템플릿 통합 CLI (구 SUH-DEVOPS-TEMPLATE 마법사)

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. User-invoked CLI can install or update package-owned IDE/agent extensions and copy project templates. This is not install-time behavior, but it does touch AI-agent control surfaces when the user runs skills mode.

Static reason
No blocking static signals were detected.
Trigger
user runs projectops, especially --mode skills with --force or interactive apply
Impact
Warn-level lifecycle risk from agent extension/config mutation; no confirmed malicious payload or exfiltration
Mechanism
explicit CLI-driven template integration and IDE/agent extension setup
Rationale
Source inspection shows explicit user-command agent extension/config mutation, which merits a warning under the provided policy, but no concrete malicious chain. The risky operations are package-aligned and activated through CLI modes rather than npm install/import side effects.
Evidence
package.jsonbin/projectops.jssrc/index.jssrc/core/assets.jssrc/core/breaking-check.jssrc/commands/skills.jssrc/core/ide/adapters/cursor.jssrc/core/ide/adapters/pi-common.jssrc/core/ide/adapters/claude.jssrc/core/ide/adapters/codex.jssrc/core/ide/adapters/gemini.jsversion.ymlREADME.md.github/workflows/*.github/config/*.github/ISSUE_TEMPLATE/*.github/DISCUSSION_TEMPLATE/*.cursor/skills/*.pi/agent/settings.json.agents/skills/cassiiopeia.claude/plugins/data/cassiiopeia@cassiiopeia-marketplace
Network endpoints3
github.com/Cassiiopeia/projectops.gitraw.githubusercontent.com/Cassiiopeia/projectops/main/.github/config/breaking-changes.jsongithub.com/Cassiiopeia/projectops

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • src/commands/skills.js applies IDE adapters in noninteractive skills mode
  • src/core/ide/adapters/cursor.js copies skills into ~/.cursor/skills and writes meta
  • src/core/ide/adapters/pi-common.js can add/remove harness loader in ~/.pi/agent/settings.json
  • src/core/ide/adapters/claude.js, gemini.js, codex.js invoke agent/IDE CLIs to install/update package-owned extensions
Evidence against
  • package.json has no preinstall/install/postinstall hooks
  • bin/projectops.js only version-checks then imports src/index.js on CLI execution
  • Network URLs are package-aligned GitHub repo/raw URLs
  • No credential harvesting, exfiltration, eval/vm, obfuscated payload, or stealth persistence found
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 49 file(s), 173 KB of source, external domains: coderabbit.ai, github.com, raw.githubusercontent.com

Source & flagged code

1 flagged · loading source
bin/projectops.jsView file
14const indexPath = join(here, "..", "src", "index.js"); L15: const { run } = await import(pathToFileURL(indexPath).href); L16:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/projectops.jsView on unpkg · L14

Findings

3 Medium4 Low
MediumDynamic Requirebin/projectops.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings