registry  /  roadmapped  /  0.2.0

roadmapped@0.2.0

Project management as flat files in your repo — YAML tasks, a computed roadmap, driven by your AI agent through a CLI and a Claude skill. No database, no SaaS, no account.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit initialization mutates the host repository’s Claude and MCP integration files. Launching the dashboard may background-update the package from its GitHub repository after a remote-head check. No install-time execution or credential-exfiltration path was found.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `roadmapped init`, `roadmapped upgrade`, or `roadmapped dashboard`.
Impact
The package can add persistent project-scoped agent hooks/instructions and replace its own code through a detached package-manager install.
Mechanism
First-party AI-agent integration setup plus automatic GitHub-based runtime update.
Rationale
Source inspection does not establish malicious theft, destructive behavior, or unconsented install-time control-surface mutation. The package nevertheless has real explicit agent-extension setup and automatic self-update capability, so it warrants a warning rather than a clean verdict.
Evidence
package.jsonbin/roadmapped.mjsscripts/install.mjsscripts/mcp-server.mjssrc/lib/updateNotifier.tssrc/server/api.ts.mcp.json.claude/settings.json.claude/skills/roadmappedCLAUDE.md.git/hooks/pre-commitroadmapped.config.json.roadmapped/uv/uv
Network endpoints2
github.com/5e1y/roadmapped.gitgithub.com/astral-sh/uv/releases/download/0.9.20

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `scripts/install.mjs` invoked by explicit `roadmapped init`/`upgrade` merges a `roadmapped` server into host `.mcp.json`.
  • `scripts/install.mjs` writes a Claude `SessionStart` command hook in host `.claude/settings.json` and copies a skill to `.claude/skills/roadmapped`.
  • `scripts/install.mjs` appends/updates host `CLAUDE.md` instructions that direct agents to run `npx roadmapped dashboard`.
  • `bin/roadmapped.mjs` calls `autoUpdate` on `roadmapped dashboard`; `src/lib/updateNotifier.ts` can detached-spawn `npm install github:5e1y/roadmapped && npx roadmapped upgrade`.
  • `scripts/install.mjs` can download a pinned `uv` release, verifies its SHA-256, extracts it, and writes it under the host configuration path.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • Agent configuration writes are reached only through explicit `roadmapped init` or `roadmapped upgrade`, not package installation or import.
  • The MCP entry targets the package-owned `scripts/mcp-server.mjs`; source inspection found no credential harvesting or exfiltration.
  • CLI dynamic imports resolve package-local paths, and dashboard probing/API serve only `localhost`.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 83 file(s), 2.07 MB of source, external domains: base-ui.com, github.com, graphify.net, reactjs.org, www.w3.org

Source & flagged code

6 flagged · loading source
bin/roadmapped.mjsView file
20L21: const { spawnSync } = await import('node:child_process') L22: const { fileURLToPath, pathToFileURL } = await import('node:url')
High
Child Process

Package source references child process execution.

bin/roadmapped.mjsView on unpkg · L20
20Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, execution+network L20: L21: const { spawnSync } = await import('node:child_process') L22: const { fileURLToPath, pathToFileURL } = await import('node:url') ... L78: const { findHostRoot } = await importPkg('src/lib/paths.ts') L79: const envRoot = process.env.ROADMAPPED_ROOT L80: const hostRoot = envRoot && envRoot.trim() !== '' ? resolve(envRoot) : findHostRoot() ... L101: try { L102: const res = await fetch(`http://localhost:${p}/api/tree`, { signal: AbortSignal.timeout(500) }) L103: const body = res.ok ? await res.json().catch(() => null) : null L104: return body && typeof body.ok === 'boolean' && body.hostRoot === hostRoot ? p : null
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

bin/roadmapped.mjsView on unpkg · L20
20L21: const { spawnSync } = await import('node:child_process') L22: const { fileURLToPath, pathToFileURL } = await import('node:url')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/roadmapped.mjsView on unpkg · L20
src/lib/updateNotifier.tsView file
123const child = spawn(`npm install github:${REPO} && npx roadmapped upgrade`, { L124: cwd: hostRoot, detached: true, stdio: 'ignore', shell: true, L125: })
High
Shell

Package source references shell execution.

src/lib/updateNotifier.tsView on unpkg · L123
122function runUpdate(hostRoot: string): void { L123: const child = spawn(`npm install github:${REPO} && npx roadmapped upgrade`, { L124: cwd: hostRoot, detached: true, stdio: 'ignore', shell: true,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/lib/updateNotifier.tsView on unpkg · L122
scripts/install.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = roadmapped@0.1.0 matchedIdentity = npm:cm9hZG1hcHBlZA:0.1.0 similarity = 0.781 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/install.mjsView on unpkg

Findings

1 Critical4 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltascripts/install.mjs
HighChild Processbin/roadmapped.mjs
HighShellsrc/lib/updateNotifier.ts
HighEntrypoint Build Divergencebin/roadmapped.mjs
HighRuntime Package Installsrc/lib/updateNotifier.ts
MediumDynamic Requirebin/roadmapped.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings