AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface established. The package is a WordPress Studio CLI that manages local sites, optional AI agent workflows, MCP tools, updates, telemetry, and WordPress.com sync through user-invoked commands.
Decision evidence
public snapshot- dist/cli/main.mjs registers user-invoked `studio code`/`ai` agent and `studio mcp` commands with tool access.
- dist/cli/create-Clni08rR.mjs copies AGENTS.md/CLAUDE.md/STUDIO.md into managed site roots and selected skills into .agents/.claude paths during site creation.
- dist/cli/tos-notice-DYaFPFHN.mjs can auto-install Playwright Chromium when MCP browser tools are invoked.
- package.json has no install/postinstall hook; only prepublishOnly build script.
- dist/cli/main.mjs exposes bin `studio` and command handlers; no import-time credential harvesting or exfiltration found.
- AI/MCP capabilities are explicit product features for WordPress Studio and activated by user commands, not unconsented lifecycle mutation.
- Network endpoints are WordPress/Automattic/npm/Anthropic/OpenAI-aligned update, telemetry, auth, AI proxy, preview, and WordPress API endpoints.
- Scanner eval hit is browser injection of bundled inspector script for annotation tool; dynamic import/require are bundler/runtime patterns.
- Bundled large WordPress/phpMyAdmin/font assets match a local WordPress development CLI distribution.
Source & flagged code
11 flagged · loading sourcePackage contains a possible secret pattern.
dist/cli/wp-files/latest/wordpress/wp-admin/js/auth-app.jsView on unpkg · L84This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/tos-notice-DYaFPFHN.mjsView on unpkgPackage source references child process execution.
dist/cli/tos-notice-DYaFPFHN.mjsView on unpkg · L38Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/tos-notice-DYaFPFHN.mjsView on unpkg · L38Package source references dynamic require/import behavior.
dist/cli/tos-notice-DYaFPFHN.mjsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/cli/tos-notice-DYaFPFHN.mjsView on unpkg · L6973Package ships high-entropy non-source blobs.
dist/cli/wp-files/phpmyadmin/vendor/tecnickcom/tcpdf/fonts/dejavusansb.zView on unpkgPackage contains source files above the static scanner size ceiling.
dist/cli/wp-files/latest/wordpress/wp-includes/js/dist/editor.jsView on unpkgHardcoded password in dist/cli/wp-files/phpmyadmin/js/vendor/zxcvbn-ts.js
dist/cli/wp-files/phpmyadmin/js/vendor/zxcvbn-ts.jsView on unpkg · L1917Hardcoded password in dist/cli/wp-files/latest/wordpress/wp-admin/js/auth-app.min.js
dist/cli/wp-files/latest/wordpress/wp-admin/js/auth-app.min.jsView on unpkg · L2