
usrcp-obsidian@0.2.1

Obsidian capture adapter for USRCP — watches a local vault and appends note edits to the ledger

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a CLI Obsidian adapter that watches a user-configured local vault and appends markdown note edits to a local USRCP ledger.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install postinstall; user runs usrcp-obsidian or usrcp-obsidian --reset-config
Impact
Install-time rebuild touches dependency build artifacts; runtime captures configured markdown notes into local ledger.
Mechanism
local file watcher and local ledger capture
Rationale
Static source inspection shows risky primitives are package-aligned: postinstall rebuilds better-sqlite3 and runtime reads user-selected Obsidian notes into a local ledger. No network exfiltration, credential harvesting, persistence, destructive behavior outside dependency build cleanup, or AI-agent control-surface mutation was found.
Evidence
  • package.json
  • dist/index.js
  • dist/config.js
  • dist/setup.js
  • dist/capture.js
  • dist/parse.js
  • README.md
  • node_modules/better-sqlite3/build
  • node_modules/usrcp-core/node_modules/better-sqlite3/build
  • node_modules/usrcp-stream/node_modules/better-sqlite3/build
  • ~/.usrcp/obsidian-config.json
  • configured vault *.md files

Decision evidence

public snapshot
The AI classified this package as Clean (Benign) at 90.0% confidence, with low false-positive risk.
Evidence for block
  • package.json postinstall deletes better-sqlite3 build dirs under node_modules and runs npm rebuild better-sqlite3.
  • dist/index.js imports child_process and execSync, but only for user-invoked --reset-config.
Evidence against
  • dist/index.js starts watcher only at CLI runtime, not import-time, and reads configured vault markdown files.
  • dist/capture.js writes parsed note content to local usrcp-core ledger via appendEvent; no exfiltration code found.
  • dist/config.js stores/loads ~/.usrcp/obsidian-config.json with mode 0600 and validates configured vault_path.
  • rg found no fetch/http client, remote endpoints, eval/vm/Function, native binary loader, persistence, or credential harvesting.
  • process.env use is limited to USRCP_PASSPHRASE for local ledger encryption.
  • README.md describes the same Obsidian capture adapter behavior.
Behavioral surface
Source
  • Child Process
  • Crypto
  • Environment Vars
  • Filesystem
Supply chain
No supply-chain packaging signals triggered.
Manifest
No manifest risk signals triggered.
scanned 5 file(s), 36.5 KB of source

Source & flagged code

2 flagged
package.json
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.json
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json

Findings

1 Critical · 1 High · 1 Medium · 2 Low
  • Critical · Red Install Lifecycle Script · package.json
  • High · Install Time Lifecycle Scripts · package.json
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem