registry  /  tokencap  /  1.2.0

tokencap@1.2.0

Self-Loading Universal Context Layer for AI Coding Agents. Stop teaching every AI your codebase. TokenCap makes project intelligence self-discoverable.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `tokencap agent` in a project workspace.
Impact
Can alter repository AI-agent guidance if the user invokes the command.
Mechanism
Explicit AI-agent instruction and context-file generation.
Rationale
No concrete malicious chain was found. The explicit overwrite of a recognized AI-agent instruction file is a real, non-blocking capability that warrants warning under the stated policy.
Evidence
package.jsonbin/tokencap.jssrc/agent/buildAgent.jssrc/agent/buildExecutionContract.jssrc/extension.jsAGENTS.md.tokencap/agent/agent.json.tokencap/agent/START_HERE.md.tokencap/agent/model-instructions.md

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/tokencap.js` writes workspace-root `AGENTS.md` under explicit `tokencap agent`.
  • `src/agent/buildAgent.js` creates AI-oriented instructions under `.tokencap/agent/`.
  • `package.json` activates the VS Code extension on startup; save events can regenerate project-context files.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No HTTP client, credential harvesting, environment-secret access, or data exfiltration was found.
  • Process execution is limited to local git inspection and an explicit local-file browser opener.
  • Agent-control write is not performed by install or automatic extension activation.
Behavioral surface
Source
ChildProcessFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 100 file(s), 757 KB of source, external domains: d3js.org, fonts.googleapis.com, unpkg.com

Source & flagged code

3 flagged · loading source
bin/tokencap.jsView file
Published source reference
Medium
Ai Review Evidence

`bin/tokencap.js` writes workspace-root `AGENTS.md` under explicit `tokencap agent`.

bin/tokencap.jsView on unpkg
src/agent/buildAgent.jsView file
Published source reference
Medium
Ai Review Evidence

`src/agent/buildAgent.js` creates AI-oriented instructions under `.tokencap/agent/`.

src/agent/buildAgent.jsView on unpkg
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` activates the VS Code extension on startup; save events can regenerate project-context files.

package.jsonView on unpkg

Findings

3 Medium5 Low
MediumAi Review Evidencebin/tokencap.js
MediumAi Review Evidencesrc/agent/buildAgent.js
MediumAi Review Evidencepackage.json
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings