registry  /  @astrasyncai/verification-gateway  /  3.7.0

@astrasyncai/verification-gateway@3.7.0

AstraSync KYA Platform SDK — counterparty verification gateway (verify incoming requests) + agent registration (register AI agents with the KYA backend).

AI Security Review

scanned 13h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package includes an explicit local guard CLI that can install AstraSync-managed git and Claude Code hooks. This is a guarded agent-control integration risk, but not install-time hijacking or confirmed malware.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs astrasync guard install-hooks or astrasync guard install-claude-code.
Impact
Adds first-party AstraSync guard hooks that can ask/deny agent tool actions or run checks before git operations.
Mechanism
explicit CLI hook installation and local policy enforcement
Rationale
Source inspection shows explicit, first-party agent guard setup that mutates Claude Code/git control surfaces only when the user invokes the CLI. Under the policy this warrants a warning for agent extension lifecycle risk, not a publish block.
Evidence
package.jsondist/bin/astrasync-guard.jsdist/bin/astrasync-claude-hook.jsdist/git-trigger/git-hooks.jsdist/claude-code/claude-code-adapter.jsdist/cli/index.jsdist/registration/index.js.git/hooks/pre-push.claude/settings.json.astrasync/policy.yaml.astrasync/guard.json.astrasync/configlocal-policy.yaml
Network endpoints4
astrasync.aiastrasync.ai/apiapi.astrasync.aistaging.astrasync.ai/api

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/bin/astrasync-guard.js exposes explicit user commands install-hooks and install-claude-code that write git hooks and Claude Code PreToolUse hooks.
  • dist/bin/astrasync-guard.js can write ~/.claude/settings.json or project .claude/settings.json and .astrasync policy/config files when invoked.
  • dist/git-trigger/git-hooks.js writes .git/hooks/pre-push with an npx astrasync guard check command and uses git diff via execSync during hook checks.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepublishOnly build steps.
  • Claude hook setup is explicit CLI action, not automatic install-time mutation.
  • dist/bin/astrasync-claude-hook.js evaluates tool payloads against local policy and emits deny/ask decisions; no credential harvesting or exfiltration seen.
  • Network calls target package-aligned AstraSync endpoints such as https://astrasync.ai and configured apiBaseUrl verification endpoints.
  • No obfuscated payload, eval/new Function, native binary loading, or destructive persistence found in inspected entrypoints.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 45 file(s), 2.85 MB of source, external domains: api.astrasync.ai, astrasync.ai, mcp.visa.com, placeholder.invalid, staging.astrasync.ai

Source & flagged code

1 flagged · loading source
dist/bin/astrasync-guard.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @astrasyncai/verification-gateway@3.5.0 matchedIdentity = npm:[redacted]:3.5.0 similarity = 0.732 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bin/astrasync-guard.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/bin/astrasync-guard.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings