usrcp-obsidian@0.2.2

Obsidian capture adapter for USRCP — watches a local vault and appends note edits to the ledger

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The install hook is a native dependency rebuild workaround, while runtime behavior is a user-launched Obsidian vault watcher that records note edits to the local USRCP ledger.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install for rebuild hook; user runs usrcp-obsidian for watcher
Impact
Configured markdown notes may be read and stored in the local ledger when the user runs the watcher
Mechanism
local file watcher and ledger append
Rationale
Source inspection shows package-aligned local Obsidian capture behavior and a noisy but explainable postinstall rebuild command. I found no credential harvesting, network exfiltration, persistence, destructive behavior beyond deleting native build artifacts for rebuild, or AI-agent control-surface mutation.
Evidence
  • package.json
  • dist/index.js
  • dist/config.js
  • dist/setup.js
  • dist/capture.js
  • dist/parse.js
  • README.md
  • node_modules/better-sqlite3/build
  • node_modules/usrcp-core/node_modules/better-sqlite3/build
  • node_modules/usrcp-stream/node_modules/better-sqlite3/build
  • ~/.usrcp/obsidian-config.json
  • configured vault_path/**/*.md

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json postinstall removes better-sqlite3 build dirs and runs npm rebuild better-sqlite3 at install time
  • dist/index.js imports child_process and execSync, but only for user-invoked --reset-config
  • dist/index.js reads configured vault markdown files and env USRCP_PASSPHRASE at runtime
Evidence against
  • No install-time writes to AI-agent control surfaces, shell startup, VCS hooks, or persistence files found
  • No package runtime network calls or exfiltration endpoints found
  • dist/config.js writes only package config ~/.usrcp/obsidian-config.json with mode 0600 during setup
  • dist/capture.js appends parsed note content to local usrcp-core Ledger under user config
  • README.md describes the vault watcher and local ledger behavior consistently
Behavioral surface
Source
ChildProcess · Crypto · EnvironmentVars · Filesystem
Supply chain
No supply-chain packaging signals triggered.
Manifest
No manifest risk signals triggered.
scanned 5 file(s), 36.5 KB of source

Source & flagged code

2 flagged
package.json
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.json
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.


Findings

1 Critical · 1 High · 1 Medium · 2 Low
  • Critical: Red Install Lifecycle Script (package.json)
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem