registry  /  proofloop  /  0.3.0

proofloop@0.3.0

NodeProof makes coding agents prove the app works. Portable proof-supervisor CLI: gate + hooks + tool-use contracts + kickoff prompt. Zero runtime dependencies.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `proofloop agents setup`, `proofloop hooks install`, agent launch commands, or `proofloop providers setup`.
Impact
Can alter local AI-agent hook settings and execute user-selected agent commands within the selected project.
Mechanism
explicit agent-hook setup, command launch, and configured provider connectivity checks
Rationale
Source inspection found explicit user-command AI-agent configuration mutation and command-launch capability, but no malicious lifecycle execution or concrete exfiltration chain. Per policy, this is a warn-level AI-agent capability risk rather than a publish-blocking malicious package.
Evidence
package.jsondist/cli.jsdist/proofloopHooks.jsdist/agentAdapters.jsdist/providerSetup.jsdist/gate.js.proofloop/hooks/config.json.proofloop/hooks/stop-gate.mjs.proofloop/hooks/pretooluse-guard.mjs.proofloop/hooks/posttooluse-log.mjs.claude/settings.json.claude/settings.local.json.codex/hooks.json.proofloop/setup/providers/<provider>.json
Network endpoints2
api.daytona.ioapi.tokenfactory.nebius.com/v1

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/proofloopHooks.js` writes generated hooks and merges entries into `.claude/settings*.json` or `.codex/hooks.json`.
  • `dist/agentAdapters.js` invokes hook setup only through explicit `proofloop agents setup` commands.
  • `dist/agentAdapters.js` launches configured agent commands with `shell:true` when explicitly requested.
  • `dist/providerSetup.js` can send configured provider credentials in explicit live health checks.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook; only `prepublishOnly` builds.
  • `dist/cli.js` dispatches setup, launch, provider, and hosted behavior only from user-invoked CLI commands.
  • `dist/proofloopHooks.js` defaults hook gating to local check-only state reads, not network execution.
  • No dynamic code loading, eval/vm use, native loading, or covert network client was found.
  • `dist/providerSetup.js` targets user-configured provider URLs and records setup receipts locally.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 30 file(s), 479 KB of source, external domains: api.daytona.io, api.tokenfactory.nebius.com, app.example, docs.claude.com, dora.dev, vega.github.io, www.bls.gov, www.w3.org

Source & flagged code

1 flagged · loading source
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = proofloop@0.2.0 matchedIdentity = npm:cHJvb2Zsb29w:0.2.0 similarity = 0.467 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings