registry  /  @agentworkforce/deploy  /  4.1.20

@agentworkforce/deploy@4.1.20

AI Security Review

scanned 6m ago · by lpm-firewall-ai

No install-time or import-time execution is established. Shell, filesystem, and network actions are explicit deployment-mode behavior for staging and running a user agent; no hidden harvesting, exfiltration, persistence, or foreign AI-agent control-surface writes were found.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Caller invokes deploy or a selected dev/sandbox/cloud launcher.
Impact
User-authorized deployment can run the supplied agent and transmit deployment credentials/bundle data to the configured service.
Mechanism
Stages a user agent, optionally deploys it to a configured cloud or sandbox, and executes its generated runner.
Rationale
The flagged primitives are aligned with an explicit agent-deployment package: local runner launch, sandbox provisioning, bundle upload, and cloud API calls. Source inspection found no lifecycle trigger or concrete malicious chain.
Evidence
package.jsondist/bundle.jsdist/deploy.jsdist/modes/dev.jsdist/modes/sandbox.jsdist/modes/sandbox-client.jsdist/modes/cloud/index.jsdist/login.js
Network endpoints2
cloud.agentworkforce.comagentrelay.com/cloud

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks.
    • dist/modes/dev.js only spawns the generated local runner after explicit launch.
    • dist/modes/sandbox.js explicitly deploys a bundle, then runs node runner.mjs in a sandbox.
    • dist/modes/sandbox-client.js runs npm install only inside the user-requested sandbox bundle.
    • dist/deploy.js sends workspace credentials only to configured cloud workspace APIs.
    • dist/bundle.js writes declared deployment artifacts to the caller-selected staging directory.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 33 file(s), 495 KB of source, external domains: active.example.test, agentrelay.cloud, agentrelay.com, cloud.agentworkforce.com, cloud.example.com, cloud.example.test, connect.example.test, docs.agentworkforce.com, env.example.test, flag.example.test, legacy-env.example.test, origin-preview-pr-113.agentrelay.cloud, origin.agentrelay.cloud, persona.example.test, preview-pr-113.agentrelay.cloud, relayfile.test, some-other-tenant.example.com, staging.agentrelay.cloud

    Source & flagged code

    4 flagged · loading source
    dist/modes/sandbox-client.jsView file
    39}, L40: async exec(handle, command, options) { L41: const internal = handle;
    High
    Child Process

    Package source references child process execution.

    dist/modes/sandbox-client.jsView on unpkg · L39
    32await internal.sandbox.fs.uploadFiles(files); L33: // Same offline-friendly npm install pattern as the proxy path so L34: // the bundle's runtime dep resolves consistently across modes. ... L39: }, L40: async exec(handle, command, options) { L41: const internal = handle;
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/modes/sandbox-client.jsView on unpkg · L32
    dist/bundle.test.jsView file
    9import { runtimeContextEnv } from './runtime-context.js'; L10: const require = createRequire(import.meta.url); L11: function persona(overrides = {}) {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/bundle.test.jsView on unpkg · L9
    dist/modes/dev.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @agentworkforce/deploy@4.1.18 matchedIdentity = npm:QGFnZW50d29ya2ZvcmNlL2RlcGxveQ:4.1.18 similarity = 0.867 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/modes/dev.jsView on unpkg

    Findings

    1 Critical3 High4 Medium5 Low
    CriticalPrevious Version Dangerous Deltadist/modes/dev.js
    HighChild Processdist/modes/sandbox-client.js
    HighShell
    HighRuntime Package Installdist/modes/sandbox-client.js
    MediumDynamic Requiredist/bundle.test.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License