registry  /  @aeon-ai-pay/aigateway  /  0.4.9

@aeon-ai-pay/aigateway@0.4.9

⚠ Under review

AI Agents discover, invoke, and settle paid LLMs, APIs, and Skills — starting with Skill Boss. No manual key setup. No prepayment. Pay-per-call via x402 or Agent Card.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 200 KB of source, external domains: 127.0.0.1, ai-api-dev.aeon.xyz, bsc-dataseed.binance.org, cdn.jsdelivr.net, github.com, nodejs.org, raw.githubusercontent.com, www.w3.org, xlayerrpc.okx.com

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts/postinstall.mjsView file
9Install-time AI-agent control hijack evidence: L9: L10: import { cpSync, existsSync, mkdirSync } from 'node:fs'; L11: import { join, dirname } from 'node:path'; ... L36: // Fallback: copy manually into Claude Code L37: const dest = join(homedir(), '.claude', 'skills', 'aigateway'); L38: mkdirSync(dirname(dest), { recursive: true }); L39: cpSync(skillSrc, dest, { recursive: true, force: true }); L40: console.log(`✔ aigateway skill installed to ${dest} (fallback)`); Payload evidence from templates/codex/AGENTS.md: L11: L12: `wallet-init` returns an envelope on stdout; `envelope.data.ready === true` means ready. If `envelope.data.needsTopup === true`, run `wallet-topup` next. L13: ... L64: L65: - **Never** prompt for private keys. The CLI auto-generates a local session wallet. L66: - **Never** hard-code model ids in prompts — vendors rename. Always pull from `aigateway sb tools` first.
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

scripts/postinstall.mjsView on unpkg · L9
12import { homedir } from 'node:os'; L13: import { execFileSync } from 'node:child_process'; L14: import { fileURLToPath } from 'node:url';
High
Child Process

Package source references child process execution.

scripts/postinstall.mjsView on unpkg · L12
3/** L4: * After `npm install -g`, automatically install the skill into every detected AI coding tool. L5: * ... L12: import { homedir } from 'node:os'; L13: import { execFileSync } from 'node:child_process'; L14: import { fileURLToPath } from 'node:url';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/postinstall.mjsView on unpkg · L3
src/okx-wallet.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @aeon-ai-pay/aigateway@0.4.4 matchedIdentity = npm:QGFlb24tYWktcGF5L2FpZ2F0ZXdheQ:0.4.4 similarity = 0.393 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/okx-wallet.mjsView on unpkg
63const [cmd, ...args] = isWin L64: ? ['powershell', '-Command', 'irm https://raw.githubusercontent.com/okx/onchainos-skills/main/install.ps1 | iex'] L65: : ['sh', '-c', 'curl -sSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh'];
High
Shell

Package source references shell execution.

src/okx-wallet.mjsView on unpkg · L63
7*/ L8: import { execFile, spawn } from 'node:child_process'; L9: import { promisify } from 'node:util'; ... L15: const config = loadConfig(); L16: const env = { ...process.env }; L17: if (config.okxApiKey && !env.OKX_API_KEY) env.OKX_API_KEY = config.okxApiKey; ... L24: try { L25: const { stdout } = await execFileAsync('onchainos', args, { L26: env: buildEnv(), ... L30: try { L31: return JSON.parse(text); L32: } catch {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/okx-wallet.mjsView on unpkg · L7
src/assets/fonts/sf-pro-display_medium_500.woff2View file
path = src/assets/fonts/sf-pro-display_medium_500.woff2 kind = high_entropy_blob sizeBytes = 231128 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

src/assets/fonts/sf-pro-display_medium_500.woff2View on unpkg

Findings

2 Critical6 High4 Medium4 Low
CriticalAi Agent Control Hijackscripts/postinstall.mjs
CriticalPrevious Version Dangerous Deltasrc/okx-wallet.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processscripts/postinstall.mjs
HighShellsrc/okx-wallet.mjs
HighSandbox Evasion Gated Capabilitysrc/okx-wallet.mjs
HighRuntime Package Installscripts/postinstall.mjs
HighShips High Entropy Blobsrc/assets/fonts/sf-pro-display_medium_500.woff2
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings