registry  /  rea-agents  /  0.4.0

rea-agents@0.4.0

Reverse engineer anything from your terminal or coding agent with one CLI and MCP server.

AI Security Review

scanned 21h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `rea setup`; Hopper installation requires `--yes` when absent.
Impact
Adds a persistent local MCP command registration; no stealth, credential exfiltration, remote payload execution, or destructive behavior was found.
Mechanism
Explicit coding-agent MCP configuration and approved analysis-tool installation.
Rationale
Warn because explicit setup mutates third-party AI-agent configuration, creating persistent MCP registrations. Source inspection does not establish malicious behavior or an unconsented install-time control-surface mutation.
Evidence
package.jsonscripts/rea.mjsdist/cli.jsdist/application/Setup.jsdist/application/Uninstall.jsdist/application/LinuxHopper.jsinstall.shbridge/hopper_bridge.pydist/hopper/BridgeLauncher.jsdist/native/CommandRunner.js
Network endpoints5
www.hopperapp.com/include/files-api.php?request=releases&public=truewww.hopperapp.com:443/downloader/public/raw.githubusercontent.com/Homebrew/install/HEAD/install.shnodejs.org/dist/v${NODE_VERSION}api.github.com/repos/$REPOSITORY/releases/latest

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/application/Setup.js` writes an REA MCP registration into detected Claude, Codex, Cursor, Gemini, Windsurf, and Claude Desktop configs.
  • `dist/cli.js` exposes this as the explicit `rea setup` command.
  • `dist/application/LinuxHopper.js` can download and install Hopper after user setup approval.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; `prepare` only invokes Husky.
  • `scripts/rea.mjs` only dispatches user-invoked CLI/MCP modes.
  • `dist/application/Setup.js` uses the package's own `rea`/`npx -y rea-agents mcp` registration and backs up/readbacks configs.
  • `dist/application/Uninstall.js` removes only registrations matching REA ownership and package-owned paths.
  • Reviewed network use targets Hopper, Homebrew, Node.js, GitHub, or loopback; no credential harvesting or exfiltration found.
  • Child-process use is explicit tooling/package installation without shell evaluation in analysis paths.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 125 file(s), 669 KB of source, external domains: 127.0.0.1, raw.githubusercontent.com, www.hopperapp.com

Source & flagged code

3 flagged · loading source
dist/application/BinarySession.jsView file
90importEvidenceBundle(bundle) { L91: return this.#evidence.import(bundle); L92: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/application/BinarySession.jsView on unpkg · L90
dist/application/LinuxHopper.jsView file
1import { createHash } from "node:crypto"; L2: import { execFile } from "node:child_process"; L3: import { access, mkdtemp, readFile, rm, writeFile } from "node:fs/promises"; ... L8: const execFileAsync = promisify(execFile); L9: const RELEASES_URL = "https://www.hopperapp.com/include/files-api.php?request=releases&public=true"; L10: const DOWNLOAD_PREFIX = "https://www.hopperapp.com:443/downloader/public/"; ... L104: ok: response.ok, L105: bytes: new Uint8Array(await response.arrayBuffer()), L106: }; ... L114: const linked = await execFileAsync("ldd", [path]); L115: return linuxSharedLibrariesAvailable(`${linked.stdout}\n${linked.stderr}`); L116: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/application/LinuxHopper.jsView on unpkg · L1
bridge/hopper_bridge.pyView file
path = bridge/hopper_bridge.py kind = build_helper sizeBytes = 31181 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bridge/hopper_bridge.pyView on unpkg

Findings

5 Medium6 Low
MediumDynamic Requiredist/application/BinarySession.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbridge/hopper_bridge.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/application/LinuxHopper.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings