registry  /  tribenest  /  0.2.0

tribenest@0.2.0

tribenest — local dev CLI + MCP server for TribeNest code websites

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `tribenest clone` or `tribenest pull`; agent capability activates when the user runs `tribenest mcp`.
Impact
A fetched project can influence coding-agent instructions and dependency installation within the user-selected checkout; no unconsented install-time mutation is present.
Mechanism
User-invoked remote project scaffolding plus MCP configuration.
Rationale
The package contains no automatic install hook or concrete malicious chain. Its explicit commands modify agent-control files and install remotely sourced project dependencies, so the policy calls for a warning rather than a clean or block verdict.
Evidence
package.jsondist/index.jsREADME.md~/.tribenest/config.json<selected-project>/.env<selected-project>/tribenest.json<selected-project>/CLAUDE.md<selected-project>/AGENTS.md<selected-project>/.mcp.json
Network endpoints3
api.tribenest.coadmin.tribenest.co127.0.0.1

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `clone`/`pull` write `CLAUDE.md`, `AGENTS.md`, and `.mcp.json` into the selected project.
  • Generated agent instructions include server-supplied `context.guidanceRules`.
  • `clone` runs `npm install` on the fetched project after scaffolding it.
  • The MCP command exposes authenticated platform actions to a coding agent.
Evidence against
  • `package.json` has no install, postinstall, or preinstall lifecycle hook.
  • The agent configuration writes occur only after explicit `tribenest clone` or `pull` commands.
  • Auth tokens are stored in `~/.tribenest/config.json` with mode 0600.
  • Network calls target the declared TribeNest API and use the user-created PAT; no hidden exfiltration path was found.
  • No eval, VM execution, obfuscated payload, broad credential harvesting, or destructive behavior was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicenseWildcardDependency
scanned 1 file(s), 65.7 KB of source, external domains: 127.0.0.1, admin.tribenest.co, api.tribenest.co

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

6 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License