@cat-factory/kernel@0.89.0

Shared vocabulary, pure logic, and port interfaces for the Agent Architecture Board.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a compiled ESM library of domain types, pure logic, registries, and port interfaces.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing @cat-factory/kernel and calling exported helpers.
Impact
No credential harvesting, persistence, destructive behavior, or unconsented agent control-surface mutation found.
Mechanism
Pure helpers and explicit in-memory registries; no install-time execution.
Rationale
Static inspection shows no lifecycle hooks and no import-time code beyond exports; the scanner's Unicode finding maps to an optional BOM matcher in Markdown front-matter stripping. The package-aligned registries and model endpoint constants are user/deployment-invoked library surfaces, not a concrete attack chain.
Evidence
package.json, dist/index.js, dist/domain/doc-quality-logic.js, dist/domain/provider-registry.js, dist/domain/gate-registry.js, dist/domain/models.js, dist/shared/redact-secrets.logic.js, dist/shared/atlassian.logic.js, dist/shared/ip-host.logic.js
Network endpoints (3)
api.z.ai/api/anthropic, api.moonshot.ai/anthropic, api.deepseek.com/anthropic

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks or bin entry.
    • dist/index.js only re-exports domain logic, ports, registries, and shared helpers.
    • dist/domain/doc-quality-logic.js is pure Markdown structure analysis with no I/O, execution, or network calls.
    • The invisible U+FEFF-like character appears as an optional BOM in a front-matter regex, not as a Trojan Source control-flow trick.
    • No child_process/eval/dynamic require/native binaries were found in inspected runtime JS.
    • Network URLs found are declarative model/provider catalog base URLs, not contacted at import/install time.
    Behavioral surface
    Source: ChildProcess
    Supply chain: HighEntropyStrings, UrlStrings
    Manifest: NoLicense
    scanned 119 file(s), 182 KB of source, external domains: api.deepseek.com, api.moonshot.ai, api.z.ai

    Source & flagged code

    2 flagged
    dist/domain/doc-quality-logic.js
    Line 9: contains invisible/control Unicode U+FEFF (zero width no-break space)
    const m = content.match(/^<U+FEFF>?---[ \t]*\r?\n[\s\S]*?\r?\n---[ \t]*(?:\r?\n|$)/);
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    dist/domain/doc-quality-logic.js · L9

    Trigger-reachable chain: manifest.main -> dist/index.js -> dist/domain/doc-quality-logic.js
    Reachable file contains a blocking source-risk pattern.
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/domain/doc-quality-logic.js

    Findings

    2 Critical, 1 Medium, 4 Low
    Critical: Trojan Source Unicode (dist/domain/doc-quality-logic.js)
    Critical: Trigger Reachable Dangerous Capability (dist/domain/doc-quality-logic.js)
    Medium: Structural Risk Force Deep Review
    Low: Scripts Present
    Low: High Entropy Strings
    Low: Url Strings
    Low: No License