registry  /  strikethroo  /  3.10.0

strikethroo@3.10.0

Task management for AI coding assistants

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is confirmed. Explicit AI-skill execution can launch a selected locally installed AI CLI using task-controlled frontmatter.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User installs the package skills and invokes a bundled task-execution dispatcher.
Impact
A malicious project task could cause an authenticated installed AI CLI to process its task prompt in that workspace.
Mechanism
Task-directed external AI CLI process launch
Rationale
Source inspection found no malicious lifecycle behavior, credential harvesting, exfiltration, hidden payload loader, or foreign control-surface mutation. The shipped templates contain an explicit external AI-agent dispatch capability that merits a warning under the firewall policy.
Evidence
package.jsondist/cli.jsdist/index.jstemplates/harness/skills/st-execute-blueprint/SKILL.mdtemplates/harness/skills/st-execute-blueprint/scripts/dispatch-task-execution.cjs

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `templates/harness/skills/st-execute-blueprint/scripts/dispatch-task-execution.cjs` spawns installed AI CLI executables.
  • Task frontmatter can select an external harness/model before explicit skill execution.
  • The dispatcher passes task markdown and workspace paths to the selected external CLI.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; `prepare` only runs Husky.
  • `dist/cli.js` exposes only explicit `init` and `serve` commands.
  • `dist/index.js` writes templates only after user-invoked `init`.
  • Dispatcher uses fixed harness names, `shell: false`, PATH availability, and auth-status checks.
  • No package runtime HTTP/network module or exfiltration endpoint was found.
  • Flagged eval/New Function is bundled `gray-matter`/`js-yaml` dependency code, not a hidden loader.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 219 file(s), 5.58 MB of source, external domains: base-ui.com, chevrotain.io, en.wikipedia.org, github.com, jquery.org, langium.org, lodash.com, openjsf.org, reactjs.org, strikethroo.canpicasoft.com, tldrlegal.com, underscorejs.org, www.w3.org

Source & flagged code

4 flagged · loading source
templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView file
283function createSection() { L284: return { key: "", data: "", content: "" }; L285: } ... L752: if (ch === "_") continue; L753: if (!isHexCode(data.charCodeAt(index))) return false; L754: hasDigits = true; ... L1371: if (ast.body[0].expression.body.type === "BlockStatement") { L1372: return new Function(params, source.slice(body[0] + 1, body[1] - 1)); L1373: } ... L3612: } L3613: var executableOnPath = (executable) => (process.env.PATH ?? "").split(path.delimiter).some((directory) => { L3614: if (!directory) return false;
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L283
1371if (ast.body[0].expression.body.type === "BlockStatement") { L1372: return new Function(params, source.slice(body[0] + 1, body[1] - 1)); L1373: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L1371
dist/prompts.jsView file
13exports.promptForConflicts = promptForConflicts; L14: const inquirer_1 = __importDefault(require("inquirer")); L15: const diff_1 = require("diff");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/prompts.jsView on unpkg · L13
templates/harness/skills/st-execute-blueprint/scripts/dispatch-task-execution.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = strikethroo@3.7.0 matchedIdentity = npm:c3RyaWtldGhyb28:3.7.0 similarity = 0.908 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

templates/harness/skills/st-execute-blueprint/scripts/dispatch-task-execution.cjsView on unpkg

Findings

1 Critical1 High5 Medium8 Low
CriticalPrevious Version Dangerous Deltatemplates/harness/skills/st-execute-blueprint/scripts/dispatch-task-execution.cjs
HighObfuscated Payload Loadertemplates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs
MediumDynamic Requiredist/prompts.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaltemplates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings