registry  /  wizz-method  /  1.3.0

wizz-method@1.3.0

Wizz Method — método de agência orientado por IA em PT-BR (fork independente do BMad Method)

AI Security Review

scanned 3d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface by static inspection. The package is an AI-agent methodology installer with user-invoked project-local skill, MCP, and optional CLI setup, which creates agent control-surface artifacts only as the package's documented function.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs wizz install or wizz-method install
Impact
Installs Wizz skills/config into selected project directories and may add selected MCP server placeholders or run selected CLI install commands
Mechanism
user-invoked agent skill/IDE installer with optional MCP and CLI dependency setup
Rationale
The risky primitives are aligned with a user-invoked AI-agent platform installer and are guarded by explicit command/options/prompts rather than npm lifecycle delivery. Because it installs package-owned skills and can configure agent/MCP surfaces, it carries agent extension lifecycle risk but not concrete malicious behavior.
Evidence
package.jsontools/installer/wizz-cli.jstools/installer/commands/install.jstools/installer/core/installer.jstools/installer/modules/mcp-config.jstools/installer/modules/cli-config.jstools/installer/ide/_config-driven.jstools/installer/ide/platform-codes.yaml_wizz/<project>/.mcp.json<project>/.claude/skills<project>/.agents/skills<project>/.github/agents
Network endpoints6
api.github.comgithub.commethod.wizzcomms.comfonts.googleapis.comfonts.gstatic.comunpkg.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json exposes a user-invoked wizz CLI and a prepare hook that only runs husky if present
  • tools/installer/core/installer.js can install package skills into project IDE dirs and optionally merge selected MCP entries into project .mcp.json
  • tools/installer/modules/cli-config.js can run registry-defined npm/curl install commands, but comments and command flow indicate caller-selected CLI install
Evidence against
  • No npm install/import-time execution of installer; prepare is limited to husky setup
  • tools/installer/commands/install.js routes writes through explicit install command/options/prompts
  • tools/installer/ide/platform-codes.yaml documents project-local target_dir and says global_target_dir is not used by code
  • tools/installer/modules/mcp-config.js merges additively, does not overwrite existing MCP servers, and uses placeholder env values
  • tools/installer/wizz-cli.js npm view update check is best-effort package-aligned network use
  • Pagefind wasm blob and test fixture are shipped assets, not invoked by lifecycle or entrypoint
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 80 file(s), 1.05 MB of source, external domains: api.github.com, bmadcode.com, example.com, github.com, harrymkt.github.io, method.wizzcomms.com, openspeech.bytedance.com, registry.npmjs.org, www.w3.org, yekta.dev

Source & flagged code

10 flagged · loading source
tools/bundle-web-bundles.jsView file
15const path = require('node:path'); L16: const { execSync, execFileSync } = require('node:child_process'); L17:
High
Child Process

Package source references child process execution.

tools/bundle-web-bundles.jsView on unpkg · L15
13L14: const fs = require('node:fs'); L15: const path = require('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

tools/bundle-web-bundles.jsView on unpkg · L13
src/skills-lib/huashu-design/scripts/tts-doubao.mjsView file
14* L15: * env(自动从 skill 根目录 .env 读取,也可走 process.env 覆盖): L16: * DOUBAO_TTS_API_KEY 必填 ... L18: * DOUBAO_TTS_CLUSTER 默认 volcano_icl L19: * DOUBAO_TTS_ENDPOINT 默认 https://openspeech.bytedance.com/api/v1/tts L20: */ ... L23: import path from 'node:path'; L24: import { execFileSync } from 'node:child_process'; L25: import { fileURLToPath } from 'node:url';
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/skills-lib/huashu-design/scripts/tts-doubao.mjsView on unpkg · L14
tools/installer/yaml-format.jsView file
145// Use yaml-lint for additional validation L146: execSync(`npx yaml-lint "${filePath}"`, { stdio: 'pipe' }); L147: return true;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

tools/installer/yaml-format.jsView on unpkg · L145
tools/validate-svg-changes.shView file
path = tools/validate-svg-changes.sh kind = build_helper sizeBytes = 11240 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

tools/validate-svg-changes.shView on unpkg
build/site/pagefind/wasm.unknown.pagefindView file
path = build/site/pagefind/wasm.unknown.pagefind kind = high_entropy_blob sizeBytes = 52697 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

build/site/pagefind/wasm.unknown.pagefindView on unpkg
path = build/site/pagefind/wasm.unknown.pagefind kind = compressed_blob sizeBytes = 52697 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

build/site/pagefind/wasm.unknown.pagefindView on unpkg
src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.pyView file
path = src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.py kind = payload_in_excluded_dir sizeBytes = 9932 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.pyView on unpkg
tools/installer/core/installer.jsView file
matchType = previous_version_dangerous_delta matchedPackage = wizz-method@1.2.2 matchedIdentity = npm:d2l6ei1tZXRob2Q:1.2.2 similarity = 0.987 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

tools/installer/core/installer.jsView on unpkg
src/skills-lib/graphify/SKILL.mdView file
527patternName = generic_password severity = medium line = 527 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in src/skills-lib/graphify/SKILL.md

src/skills-lib/graphify/SKILL.mdView on unpkg · L527

Findings

1 Critical6 High7 Medium5 Low
CriticalPrevious Version Dangerous Deltatools/installer/core/installer.js
HighChild Processtools/bundle-web-bundles.js
HighShell
HighSame File Env Network Executionsrc/skills-lib/huashu-design/scripts/tts-doubao.mjs
HighRuntime Package Installtools/installer/yaml-format.js
HighShips High Entropy Blobbuild/site/pagefind/wasm.unknown.pagefind
HighPayload In Excluded Dirsrc/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.py
MediumDynamic Requiretools/bundle-web-bundles.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertools/validate-svg-changes.sh
MediumShips Compressed Blobbuild/site/pagefind/wasm.unknown.pagefind
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/skills-lib/graphify/SKILL.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings