registry  /  strikethroo  /  3.14.0

strikethroo@3.14.0

Task management for AI coding assistants

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit initialization installs first-party agent prompt files into selected AI-harness directories. User-invoked workflow templates can launch local harness binaries and a local server can launch `self-review` for validated plan files; no unconsented install-time mutation or exfiltration is established.

Static reason
One or more suspicious static signals were detected.; source matched previously finalized malicious package; routed for review; previous stored version diff introduced dangerous source
Trigger
User runs `strikethroo init --harnesses ...`, installs/runs bundled skills, or calls the local serve API.
Impact
Can modify selected project-local agent configuration and invoke locally installed review/harness tools.
Mechanism
Explicit AI-agent extension setup and local CLI orchestration.
Rationale
The package has explicit project-local AI-agent configuration and local process-launch capabilities, warranting a warning under the extension-lifecycle policy. Source inspection found no unconsented lifecycle mutation, network exfiltration, remote code loading, credential theft, or destructive behavior.
Evidence
package.jsondist/index.jsdist/harnesses/agent-adapter.jsdist/utils.jsdist/serve/self-review.jstemplates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs.ai/strikethroo.codex/agents.claude/agents.github/agents.gemini/agents.cursor/agents.opencode/agents

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` `init` copies templates after explicit `strikethroo init`.
  • `dist/harnesses/agent-adapter.js` writes agent files to selected harness directories.
  • `dist/utils.js` targets `.codex/agents`, `.claude/agents`, `.github/agents`, and peers.
  • `templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs` can launch selected local harness CLIs when a skill is run.
  • `dist/serve/self-review.js` launches PATH-resolved `self-review` from a local POST endpoint.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • `prepare` only invokes `husky`; published files omit a `.husky` directory.
  • Init requires an explicit CLI command and selected `--harnesses` values.
  • No credential harvesting, HTTP client, remote payload download, or exfiltration was found.
  • Server endpoints bind to `localhost`; path validation confines self-review inputs to workspace plans/archive.
  • Dispatcher uses argv-based process spawning; bundled `eval`/`Function` occur in vendored parsing code.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 224 file(s), 6.16 MB of source, external domains: base-ui.com, chevrotain.io, en.wikipedia.org, github.com, jquery.org, langium.org, lodash.com, openjsf.org, reactjs.org, strikethroo.canpicasoft.com, tldrlegal.com, underscorejs.org, www.w3.org

Source & flagged code

8 flagged · loading source
dist/serve/server.jsView file
59const path = __importStar(require("path")); L60: const child_process_1 = require("child_process"); L61: const url_1 = require("url");
High
Child Process

Package source references child process execution.

dist/serve/server.jsView on unpkg · L59
templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView file
288Cross-file remote execution chain: templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs spawns dist/index.js; helper contains network access plus dynamic code execution. L288: function createSection() { L289: return { key: "", data: "", content: "" }; L290: } ... L757: if (ch === "_") continue; L758: if (!isHexCode(data.charCodeAt(index))) return false; L759: hasDigits = true; ... L1376: if (ast.body[0].expression.body.type === "BlockStatement") { L1377: return new Function(params, source.slice(body[0] + 1, body[1] - 1)); L1378: } ... L3548: const nodeScript = /\.(?:cjs|mjs|js)$/.test(scriptPath); L3549: const stdout = nodeScript ? (0, import_child_process.execFileSync)(process.execPath, [scriptPath], { L3550: input,
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L288
1376if (ast.body[0].expression.body.type === "BlockStatement") { L1377: return new Function(params, source.slice(body[0] + 1, body[1] - 1)); L1378: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L1376
dist/prompts.jsView file
13exports.promptForConflicts = promptForConflicts; L14: const inquirer_1 = __importDefault(require("inquirer")); L15: const diff_1 = require("diff");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/prompts.jsView on unpkg · L13
dist-web/assets/cytoscape.esm-BHYC38rz.jsView file
matchType = normalized_sha256 matchedPackage = @yancyyu/agentcli@1.9.14 matchedPath = dist-renderer/assets/cytoscape.esm-DsxaTqgk.js matchedIdentity = npm:QHlhbmN5eXUvYWdlbnRjbGk:1.9.14 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist-web/assets/cytoscape.esm-BHYC38rz.jsView on unpkg
dist-web/assets/sql-D0XecflT.jsView file
matchType = normalized_sha256 matchedPackage = @yancyyu/agentcli@1.9.14 matchedPath = dist-renderer/assets/sql-D0XecflT.js matchedIdentity = npm:QHlhbmN5eXUvYWdlbnRjbGk:1.9.14 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist-web/assets/sql-D0XecflT.jsView on unpkg
dist-web/assets/vbscript-BuJXcnF6.jsView file
matchType = normalized_sha256 matchedPackage = @yancyyu/agentcli@1.9.14 matchedPath = dist-renderer/assets/vbscript-BuJXcnF6.js matchedIdentity = npm:QHlhbmN5eXUvYWdlbnRjbGk:1.9.14 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

dist-web/assets/vbscript-BuJXcnF6.jsView on unpkg
templates/harness/skills/st-full-workflow/scripts/route-task-execution.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = strikethroo@3.13.0 matchedIdentity = npm:c3RyaWtldGhyb28:3.13.0 similarity = 0.958 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

templates/harness/skills/st-full-workflow/scripts/route-task-execution.cjsView on unpkg

Findings

1 Critical6 High5 Medium8 Low
CriticalPrevious Version Dangerous Deltatemplates/harness/skills/st-full-workflow/scripts/route-task-execution.cjs
HighChild Processdist/serve/server.js
HighShell
HighCross File Remote Execution Contexttemplates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs
HighKnown Malware Source Similaritydist-web/assets/cytoscape.esm-BHYC38rz.js
HighKnown Malware Source Similaritydist-web/assets/sql-D0XecflT.js
HighKnown Malware Source Similaritydist-web/assets/vbscript-BuJXcnF6.js
MediumDynamic Requiredist/prompts.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaltemplates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings