registry  /  wizz-method  /  1.3.1

wizz-method@1.3.1

Wizz Method — método de agência orientado por IA em PT-BR (fork independente do BMad Method)

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is an explicit Wizz Method agent/skill installer with guarded project-local IDE skill setup and opt-in MCP/CLI dependency configuration.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes the wizz CLI install/update commands or maintainer build utilities.
Impact
Expected agent-platform setup behavior; no unconsented lifecycle hijack, exfiltration, persistence, or destructive action identified.
Mechanism
User-selected installer copies Wizz assets/skills and may optionally merge MCP entries or run dependency install commands.
Rationale
Source inspection shows scanner hits are package-aligned installer and maintainer capabilities gated behind explicit CLI use, with noninteractive mode avoiding MCP writes and CLI installs. There is no install-time unconsented AI-agent control-surface mutation, credential theft, exfiltration, persistence, or destructive behavior.
Evidence
package.jsontools/installer/wizz-cli.jstools/installer/ui.jstools/installer/core/installer.jstools/installer/modules/mcp-config.jstools/installer/modules/cli-config.jstools/installer/ide/_config-driven.jstools/installer/ide/platform-codes.yamlskills-registry.yamlbuild/site/pagefind/wasm.unknown.pagefind
Network endpoints6
method.wizzcomms.comgit+https://github.com/wizzcomms/wizz-method.gitapi.github.comgithub.com/barefootford/buttercut.gitgithub.com/jamiepine/voicebox.gitraw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json prepare is husky-only and exits cleanly if husky is absent; no install/postinstall hook runs package installer code.
  • tools/installer/wizz-cli.js is the bin/main entry and only runs on explicit CLI invocation; npm view version check is best-effort.
  • tools/installer/ui.js makes MCP writes explicit via interactive selection or --mcps; --yes recommends MCPs without writing .mcp.json.
  • tools/installer/ui.js makes CLI installs explicit via interactive selection or --clis; --yes recommends without running installs.
  • tools/installer/ide/_config-driven.js writes selected Wizz skills into project-local IDE skill dirs from platform-codes.yaml, not user-home defaults.
  • build/site/pagefind/wasm.unknown.pagefind is gzip data for Pagefind wasm, a docs search asset.
Evidence against
  • No credential/env harvesting or exfiltration found in inspected installer and entrypoint code.
  • No lifecycle-triggered mutation of Claude/Codex/Cursor/MCP or other broad AI-agent surfaces found.
  • MCP env values in skills-registry.yaml are placeholders like ${MAGIC_API_KEY}, not collected secrets.
  • No eval/vm/Function or native addon loading found in inspected hot files.
  • Network-capable actions are package-aligned version checks, optional GitHub/module resolution, or explicit user-selected dependency installs.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 80 file(s), 1.06 MB of source, external domains: api.github.com, bmadcode.com, example.com, github.com, harrymkt.github.io, method.wizzcomms.com, openspeech.bytedance.com, registry.npmjs.org, www.w3.org, yekta.dev

Source & flagged code

10 flagged · loading source
tools/bundle-web-bundles.jsView file
15const path = require('node:path'); L16: const { execSync, execFileSync } = require('node:child_process'); L17:
High
Child Process

Package source references child process execution.

tools/bundle-web-bundles.jsView on unpkg · L15
13L14: const fs = require('node:fs'); L15: const path = require('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

tools/bundle-web-bundles.jsView on unpkg · L13
src/skills-lib/huashu-design/scripts/tts-doubao.mjsView file
14* L15: * env(自动从 skill 根目录 .env 读取,也可走 process.env 覆盖): L16: * DOUBAO_TTS_API_KEY 必填 ... L18: * DOUBAO_TTS_CLUSTER 默认 volcano_icl L19: * DOUBAO_TTS_ENDPOINT 默认 https://openspeech.bytedance.com/api/v1/tts L20: */ ... L23: import path from 'node:path'; L24: import { execFileSync } from 'node:child_process'; L25: import { fileURLToPath } from 'node:url';
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/skills-lib/huashu-design/scripts/tts-doubao.mjsView on unpkg · L14
tools/installer/yaml-format.jsView file
145// Use yaml-lint for additional validation L146: execSync(`npx yaml-lint "${filePath}"`, { stdio: 'pipe' }); L147: return true;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

tools/installer/yaml-format.jsView on unpkg · L145
tools/validate-svg-changes.shView file
path = tools/validate-svg-changes.sh kind = build_helper sizeBytes = 11240 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

tools/validate-svg-changes.shView on unpkg
build/site/pagefind/wasm.unknown.pagefindView file
path = build/site/pagefind/wasm.unknown.pagefind kind = high_entropy_blob sizeBytes = 52697 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

build/site/pagefind/wasm.unknown.pagefindView on unpkg
path = build/site/pagefind/wasm.unknown.pagefind kind = compressed_blob sizeBytes = 52697 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

build/site/pagefind/wasm.unknown.pagefindView on unpkg
src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.pyView file
path = src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.py kind = payload_in_excluded_dir sizeBytes = 9932 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.pyView on unpkg
tools/installer/core/installer.jsView file
matchType = previous_version_dangerous_delta matchedPackage = wizz-method@1.3.0 matchedIdentity = npm:d2l6ei1tZXRob2Q:1.3.0 similarity = 0.975 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

tools/installer/core/installer.jsView on unpkg
src/skills-lib/graphify/SKILL.mdView file
527patternName = generic_password severity = medium line = 527 matchedText = result =...ies)
Medium
Secret Pattern

Hardcoded password in src/skills-lib/graphify/SKILL.md

src/skills-lib/graphify/SKILL.mdView on unpkg · L527

Findings

1 Critical6 High7 Medium5 Low
CriticalPrevious Version Dangerous Deltatools/installer/core/installer.js
HighChild Processtools/bundle-web-bundles.js
HighShell
HighSame File Env Network Executionsrc/skills-lib/huashu-design/scripts/tts-doubao.mjs
HighRuntime Package Installtools/installer/yaml-format.js
HighShips High Entropy Blobbuild/site/pagefind/wasm.unknown.pagefind
HighPayload In Excluded Dirsrc/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.py
MediumDynamic Requiretools/bundle-web-bundles.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertools/validate-svg-changes.sh
MediumShips Compressed Blobbuild/site/pagefind/wasm.unknown.pagefind
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/skills-lib/graphify/SKILL.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings