registry  /  telodocs  /  0.2.2

telodocs@0.2.2

Documentation MCP server and docs site — content in docs/, telodocs runs the rest

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `telodocs new <project-name>`.
Impact
Downstream coding agents may follow the first-party documentation workflow; default API-key use is weak if gated auth is enabled unchanged.
Mechanism
User-invoked scaffold writes project templates, including `AGENTS.md` and `.env`.
Rationale
Source inspection finds no concrete malicious behavior. Per policy, the explicit CLI scaffold's AI-agent instruction-file write is a warn-level capability risk rather than a block.
Evidence
package.jsondist/cli/commands/new.jstemplate/AGENTS.mdtemplate/.env.exampledist/cli/commands/serve.jsdist/server/search/search.service.js

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `telodocs new` copies `template/AGENTS.md` into the user-selected project.
  • The scaffold writes `.env` with a known default API key.
Evidence against
  • `package.json` has only `prepublishOnly`; install does not execute package code.
  • `new` is an explicit CLI command, validates the target, and only scaffolds selected project files.
  • `serve` starts the packaged server via explicit `dev`/`start` commands; no runtime package-manager install occurs.
  • Search spawns bundled ripgrep only for requested docs searches and constrains paths to `docs/`.
  • No source evidence of secret harvesting, exfiltration, remote payload loading, eval, or destructive actions.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 55 file(s), 113 KB of source, external domains: cdnjs.cloudflare.com

Source & flagged code

3 flagged · loading source
dist/server/search/search.service.jsView file
55const fast_glob_1 = __importDefault(require("fast-glob")); L56: const node_child_process_1 = require("node:child_process"); L57: const config_schema_1 = require("../core/config/config.schema");
High
Child Process

Package source references child process execution.

dist/server/search/search.service.jsView on unpkg · L55
dist/cli/commands/serve.jsView file
20const entry = resolveServerEntry(packageRoot); L21: const child = (0, node_child_process_1.spawn)(process.platform === "win32" ? "npx.cmd" : "npx", ["tsx", "watch", entry], { L22: cwd: process.cwd(),
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli/commands/serve.jsView on unpkg · L20
dist/cli/commands/new.jsView file
matchType = previous_version_dangerous_delta matchedPackage = telodocs@0.2.1 matchedIdentity = npm:dGVsb2RvY3M:0.2.1 similarity = 0.982 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli/commands/new.jsView on unpkg

Findings

1 Critical2 High2 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli/commands/new.js
HighChild Processdist/server/search/search.service.js
HighRuntime Package Installdist/cli/commands/serve.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings