AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Running `syrax-audit` interactively and accepting Husky or Premium Autofix prompts.
Impact
Can persist a project Git hook and cause an external AI CLI to modify the current project using remotely supplied audit prompts.
Mechanism
explicit Git-hook setup and AI-agent control-file/CLI execution
Rationale
The package exposes real, remotely influenced AI-agent and Git-hook mutation capabilities, but they require explicit interactive user choices and are not hidden lifecycle behavior. This is a warning-level dangerous capability rather than confirmed malicious execution.
Evidence
package.jsonbin/index.js.env.husky/pre-commit.husky/pre-pushsyrax-report.json.cursorrules
Network endpoints2
localhost:5173syrax-analyzer.moisesvalero.es/api/web-audit/cli-analyze
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `bin/index.js` POSTs audited local HTML and optional Syrax API key to `syrax-analyzer.moisesvalero.es`.
- Interactive setup can install Husky and create executable `.husky/pre-commit` or `.husky/pre-push` hooks.
- Explicit Autofix writes `.cursorrules` directing AI agents to consume remote-supplied issue prompts.
- Claude Autofix runs `npx @anthropic-ai/claude-code` with instructions to modify the current codebase.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- All hook and Autofix mutations are behind interactive user confirmations and agent selection.
- Source reads only `SYRAX_API_KEY` from `.env`; no general credential harvesting found.
- No eval, VM, binary loading, obfuscation, or hidden package files found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcebin/index.jsView file
4import path from 'path';
L5: import { execSync } from 'child_process';
L6: import prompts from 'prompts';
High
141launchedProcess = spawn(`${packageManager} run dev`, [], {
L142: shell: true,
L143: stdio: 'pipe'
High
324const installCmd =
L325: packageManager === 'pnpm' ? 'pnpm add -D husky' : 'npm install --save-dev husky';
L326: execSync(installCmd, { stdio: 'ignore' });
L327: execSync('npx husky init', { stdio: 'ignore' });
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/index.jsView on unpkg · L324Findings
3 High2 Medium3 Low
HighChild Processbin/index.js
HighShellbin/index.js
HighRuntime Package Installbin/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings