registry  /  shrimps  /  0.2.2

shrimps@0.2.2

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious install-time behavior is present. The unresolved risk is explicit CLI-driven remote component fetching plus unescaped shell execution of remotely supplied dependency names.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `shrimps add <component>` or `shrimps init`.
Impact
Could write UI files and install dependencies; malicious remote registry dependency strings could become shell execution.
Mechanism
Runtime fetch/write plus package-manager execSync
Rationale
This is not malicious by source inspection because activation is explicit CLI use and there is no lifecycle hook, exfiltration, persistence, or stealth behavior. It merits a warning because remote registry data flows into shell execution without sanitization.
Evidence
package.jsonbin/index.jssrc/add.jssrc/fetch.jssrc/write.jssrc/components/ui/<name>.tsxcomponents/ui/<name>.tsxsrc/app/globals.cssapp/globals.css
Network endpoints1
raw.githubusercontent.com/Cyrexart/shrimps-cn/main/packages/ui

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • src/add.js builds package-manager shell commands from remote registry dependencies with deps.join(" ") and execSync.
  • src/fetch.js fetches registry/components from raw.githubusercontent.com at runtime.
  • src/write.js overwrites project component files and globals.css during explicit CLI commands.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • bin/index.js only exposes user-invoked `add <component>` and `init` commands.
  • No credential/env harvesting, persistence, destructive filesystem traversal, or exfiltration logic found.
  • Network endpoint is package-aligned component registry content, not an unrelated collector.
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 4 file(s), 4.33 KB of source, external domains: raw.githubusercontent.com

Source & flagged code

2 flagged · loading source
src/add.jsView file
1import { execSync } from "child_process"; L2: import { fetchComponent } from "./fetch.js";
High
Child Process

Package source references child process execution.

src/add.jsView on unpkg · L1
6try { L7: execSync("pnpm --version", { stdio: "ignore" }); L8: return "pnpm"; ... L19: const cmd = { L20: pnpm: `pnpm add ${deps.join(" ")}`, L21: yarn: `yarn add ${deps.join(" ")}`,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/add.jsView on unpkg · L6

Findings

3 High1 Medium4 Low
HighChild Processsrc/add.js
HighShell
HighRuntime Package Installsrc/add.js
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License