registry  /  projectops  /  4.2.12

projectops@4.2.12

ProjectOps — 완전 자동화 GitHub 프로젝트 관리 템플릿 통합 CLI

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is present. Explicit skills setup can modify user-scoped AI-agent integration state and invoke package-aligned remote extension/template sources.

Static reason
No blocking static signals were detected.
Trigger
User runs `projectops --mode skills` or accepts the interactive skills prompt.
Impact
Can install or update first-party agent extensions and copy projectops-owned skill files into user agent directories.
Mechanism
Explicit IDE plugin, extension, skills, and harness setup.
Rationale
No concrete malicious chain was found. The explicit first-party AI-agent extension lifecycle behavior warrants a warning under the stated policy, not a block.
Evidence
package.jsonbin/projectops.jssrc/commands/skills.jssrc/core/ide/adapters/cursor.jssrc/core/ide/adapters/codex.jssrc/core/ide/adapters/pi-harness.jssrc/core/assets.js~/.cursor/skills~/.agents/skills/projectops~/.projectops/config/config.jsonPI settings.json
Network endpoints3
github.com/Cassiiopeia/projectopsgithub.com/Cassiiopeia/projectops.gitraw.githubusercontent.com/Cassiiopeia/projectops/main

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/commands/skills.js` applies IDE integrations in noninteractive mode.
  • `src/core/ide/adapters/cursor.js` copies skills into `~/.cursor/skills`.
  • `src/core/ide/adapters/codex.js` registers a Codex marketplace and removes legacy native skills.
  • `src/core/ide/adapters/pi-harness.js` enables a PI settings extension.
  • `src/core/assets.js` clones the package-aligned GitHub template at runtime.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • `bin/projectops.js` only starts the CLI after explicit execution.
  • Agent integration runs only through `--mode skills` or an interactive opt-in.
  • Network URLs are package-aligned GitHub endpoints.
  • No credential harvesting, exfiltration, eval, or hidden payload execution was found.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 58 file(s), 241 KB of source, external domains: ai.suhsaechan.kr, coderabbit.ai, github.com, raw.githubusercontent.com

Source & flagged code

1 flagged · loading source
bin/projectops.jsView file
14const indexPath = join(here, "..", "src", "index.js"); L15: const { run } = await import(pathToFileURL(indexPath).href); L16:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/projectops.jsView on unpkg · L14

Findings

3 Medium4 Low
MediumDynamic Requirebin/projectops.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings