registry  /  @ankhorage/studio  /  0.1.1

@ankhorage/studio@0.1.1

Studio authoring package for Ankhorage apps

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package provides explicit local studio CLI/host workflows that write managed projects, install workspace dependencies, and run generated project infrastructure scripts.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit `ankh studio` command or local host API action
Impact
Intended modifications and command execution within the caller-managed workspace
Mechanism
User-invoked local project scaffolding and infrastructure orchestration
Rationale
Scanner findings map to package-aligned local studio functionality. Source inspection found no lifecycle execution, credential exfiltration, remote payload loading, stealth persistence, or AI-agent control-surface mutation.
Evidence
package.jsondist/cli/index.jsdist/host/orchestrator/workspaceRuntime.jsdist/host/orchestrator/infraRuntime.jsdist/host/orchestrator/projectPaths.jsdist/host/modules/runtime/LocalFsTargetAdapter.jsdist/host/layout/templates/auth/adapter.jsdist/host/http/security.jsdist/host/http/server.js

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
    • `dist/cli/index.js` exposes `workspace install` and project operations as explicit CLI commands.
    • `dist/host/orchestrator/projectPaths.js` validates IDs and confines projects under `<workspace>/apps/<id>`.
    • `dist/host/orchestrator/workspaceRuntime.js` runs only `bun install` in the host workspace when explicitly invoked.
    • `dist/host/orchestrator/infraRuntime.js` runs named generated project infra scripts with no remote payload retrieval.
    • `dist/host/http/server.js` defaults to `127.0.0.1`; `security.js` restricts browser origins to local/private-network origins.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 93 file(s), 354 KB of source, external domains: 127.0.0.1

    Source & flagged code

    5 flagged · loading source
    dist/host/layout/templates/auth/adapter.jsView file
    1patternName = supabase_service_key severity = critical line = 1 matchedText = const DE...FY';
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    dist/host/layout/templates/auth/adapter.jsView on unpkg · L1
    1patternName = supabase_service_key severity = critical line = 1 matchedText = const DE...FY';
    Critical
    Secret Pattern

    Supabase service role key (JWT) in dist/host/layout/templates/auth/adapter.js

    dist/host/layout/templates/auth/adapter.jsView on unpkg · L1
    dist/host/modules/runtime/LocalFsTargetAdapter.jsView file
    1import { execFile as execFileCb } from 'child_process'; L2: import { promises as fs } from 'fs';
    High
    Child Process

    Package source references child process execution.

    dist/host/modules/runtime/LocalFsTargetAdapter.jsView on unpkg · L1
    dist/host/orchestrator/workspaceRuntime.jsView file
    1import { spawn } from 'child_process'; L2: const BUN_INSTALL_SPAWN_TIMEOUT_MS = 30_000; ... L13: const spawnTimeout = setTimeout(() => { L14: rejectWithTimeout(`bun install did not start within ${BUN_INSTALL_SPAWN_TIMEOUT_MS}ms`); L15: }, BUN_INSTALL_SPAWN_TIMEOUT_MS);
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/host/orchestrator/workspaceRuntime.jsView on unpkg · L1
    dist/host/orchestrator/infraRuntime.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @ankhorage/studio@0.0.21 matchedIdentity = npm:QGFua2hvcmFnZS9zdHVkaW8:0.0.21 similarity = 0.977 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/host/orchestrator/infraRuntime.jsView on unpkg

    Findings

    3 Critical3 High3 Medium4 Low
    CriticalCritical Secretdist/host/layout/templates/auth/adapter.js
    CriticalPrevious Version Dangerous Deltadist/host/orchestrator/infraRuntime.js
    CriticalSecret Patterndist/host/layout/templates/auth/adapter.js
    HighChild Processdist/host/modules/runtime/LocalFsTargetAdapter.js
    HighShell
    HighRuntime Package Installdist/host/orchestrator/workspaceRuntime.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings