usrcp-stream@0.2.1

Cross-surface conversation layer for USRCP - encrypted local capture, embeddings, thread stitching, active-surface presence

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky behavior is package-aligned: a native dependency rebuild at install, user-invoked MCP/CLI capture, opt-in embeddings, and user-specified cloud sync.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install for rebuild; user runs usrcp-stream init/serve/sync for runtime features
Impact
Stores user-provided conversation events locally and can sync encrypted events or request embeddings when explicitly configured
Mechanism
declared encrypted local memory and sync tooling
Rationale
Static inspection shows declared CLI/MCP functionality for encrypted conversation capture, embeddings, and optional sync; suspicious primitives are user-invoked or install-time dependency maintenance rather than covert collection or exfiltration. The postinstall hook is undesirable but narrowly scoped to rebuilding better-sqlite3 and does not establish malicious intent by itself.
Evidence
package.json, README.md, dist/index.js, dist/sync.js, dist/config-io.js, dist/embeddings/openai.js, dist/embeddings/voyage.js, dist/embeddings/ollama.js, dist/capture/ingest.js, node_modules/better-sqlite3/build, node_modules/usrcp-core/node_modules/better-sqlite3/build, node_modules/usrcp-stream/node_modules/better-sqlite3/build, stream-config.toml, stream.db
Network endpoints (5)
localhost:11434, api.openai.com/v1/embeddings, api.voyageai.com/v1/embeddings, /v1/stream/push, /v1/stream/pull

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json has postinstall deleting better-sqlite3 build dirs and running npm rebuild better-sqlite3
  • dist/sync.js can push encrypted local stream events to a user-supplied --endpoint
  • dist/embeddings/openai.js and voyage.js send plaintext text to vendor APIs after configured consent
Evidence against
  • dist/index.js commands are CLI-invoked; import only dispatches CLI main, no hidden payload beyond declared bin behavior
  • postinstall is limited to the better-sqlite3 build folders for a native rebuild, with no credential/file harvesting or persistence
  • dist/config-io.js stores vendor API key inside encrypted stream-config.toml
  • README.md documents local encrypted capture, opt-in vendor embedding providers, and explicit cloud sync endpoints
  • rg found no child_process, eval, Function, native payload loading, prompt injection, or AI-agent control-surface writes in dist
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
Supply chain
HighEntropyStrings, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 32 file(s), 115 KB of source, external domains: api.openai.com, api.voyageai.com

Source & flagged code

2 flagged
package.json
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.json
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json

Findings

1 Critical, 1 High, 2 Medium, 4 Low
Critical · Red Install Lifecycle Script · package.json
High · Install Time Lifecycle Scripts · package.json
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings