registry  /  tracepulse  /  0.9.29

tracepulse@0.9.29

Runtime feedback MCP server for AI coding agents. ViewGraph sees the UI - TracePulse feels the backend.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `tracepulse init --claude` or another explicit init client option.
Impact
Can steer or block an AI coding agent's shell workflow until bypassed or removed.
Mechanism
Explicit AI-agent configuration and shell-command gating.
Rationale
Source inspection confirms an explicit-user-command AI-agent configuration capability, not concrete malware behavior. Flag as warn because the installed global rule and hook can alter agent behavior, while installation itself is inert.
Evidence
package.jsondist/cli.jsdist/init-command-QPC4IKM5.jsdist/manifest-registration-4Y6IBOFP.jsskills/claude-hooks/tracepulse-gate.shskills/claude-rules/tracepulse.md~/.claude/rules/tracepulse.md.claude/hooks/tracepulse-gate.sh.claude/mcp.json.kiro/settings/mcp.json.cursor/mcp.json.mcp.json
Network endpoints2
registry.npmjs.org/tracepulse/latest${DASHBOARD_URL}/api/v1/manifests

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/init-command-QPC4IKM5.js` writes `~/.claude/rules/tracepulse.md`, described as auto-loaded every session.
  • Explicit `tracepulse init --claude` installs a Claude PreToolUse Bash hook that denies test/build/lint commands unless bypassed.
  • Explicit init also writes MCP configs and Kiro hooks/prompts in the selected project.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook; `prepublishOnly` only builds before publishing.
  • Agent-control writes are reachable only through the explicit `init` CLI command, not import or installation.
  • Network use is limited to an npm update check and optional `DASHBOARD_URL` manifest registration; no credential harvesting or remote code loading found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 15 file(s), 342 KB of source, external domains: 127.0.0.1, registry.npmjs.org

Source & flagged code

1 flagged · loading source
bin/tracepulse.cmdView file
path = bin/tracepulse.cmd kind = build_helper sizeBytes = 143 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/tracepulse.cmdView on unpkg

Findings

4 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/tracepulse.cmd
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License