registry  /  @dv.nghiem/flowdeck  /  0.6.0

@dv.nghiem/flowdeck@0.6.0

⚠ Under review

FlowDeck — structured planning and execution workflows for OpenCode

Static Scan Results

scanned 12d ago · by rust-scanner

Static analysis flagged 21 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 402 KB of source, external domains: api.githubcopilot.com, expressjs.com, github.com, mcp.context7.com, mcp.exa.ai, mcp.grep.app, opencode.ai, rustup.rs, sh.rustup.rs, win.rustup.rs, zod.dev

Source & flagged code

13 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.jsView file
7412import { fileURLToPath } from "url"; L7413: import { execFileSync } from "node:child_process"; L7414:
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L7412
1003patternName = generic_password severity = medium line = 1003 matchedText = const in...' };
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L1003
1060npx jest # jest L1061: npm test # package.json test script L1062: \`\`\` ... L1153: // ✅ OK L1154: const API_KEY = process.env.API_KEY; L1155: \`\`\` ... L1343: ✅ Correct citation format: L1344: - \`express@4.18\` — \`res.json()\` automatically sets Content-Type to application/json L1345: Source: https://expressjs.com/en/api.html#res.json L1346: ... L4291: function getGlobalConfigDir() { L4292: return process.env.OPENCODE_CONFIG_DIR || (process.env.XDG_CONFIG_HOME ? join2(process.env.XDG_CONFIG_HOME, "opencode") : join2(homedir(), ".config", "opencode"));
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.jsView on unpkg · L1060
1060npx jest # jest L1061: npm test # package.json test script L1062: \`\`\` ... L1153: // ✅ OK L1154: const API_KEY = process.env.API_KEY; L1155: \`\`\` ... L1343: ✅ Correct citation format: L1344: - \`express@4.18\` — \`res.json()\` automatically sets Content-Type to application/json L1345: Source: https://expressjs.com/en/api.html#res.json L1346: ... L4291: function getGlobalConfigDir() { L4292: return process.env.OPENCODE_CONFIG_DIR || (process.env.XDG_CONFIG_HOME ? join2(process.env.XDG_CONFIG_HOME, "opencode") : join2(homedir(), ".config", "opencode"));
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L1060
postinstall.mjsView file
1Install-time AI-agent control hijack evidence: L4: L5: import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync, createWriteStream } from "node:fs"; L6: import { join, dirname } from "node:path"; ... L53: return ( L54: process.env.OPENCODE_CONFIG_DIR || L55: (process.env.XDG_CONFIG_HOME ... L85: try { L86: mkdirSync(dirname(FLOWDECK_INSTALL_DIR), { recursive: true }); L87: execSync(`git clone --depth 1 --quiet "${FLOWDECK_REPO_URL}" "${FLOWDECK_INSTALL_DIR}"`, { ... L315: L316: mkdirSync(configDir, { recursive: true }); L317: Payload evidence from src/skills/plan-task/SKILL.md: L1: --- L2: name: plan-task
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

postinstall.mjsView on unpkg · L1
241stdio: ["pipe", "pipe", "pipe"], L242: shell: true, L243: timeout: 300_000,
High
Shell

Package source references shell execution.

postinstall.mjsView on unpkg · L241
8import { fileURLToPath } from "node:url"; L9: import { execSync, execFileSync } from "node:child_process"; L10: import { get as httpsGet } from "node:https"; L11: import { createInterface } from "node:readline"; ... L16: const FLOWDECK_REPO_URL = "https://github.com/DVNghiem/FlowDeck.git"; L17: const FLOWDECK_INSTALL_DIR = process.env.FLOWDECK_INSTALL_DIR || join(homedir(), ".local", "share", "flowdeck"); L18:
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

postinstall.mjsView on unpkg · L8
8import { fileURLToPath } from "node:url"; L9: import { execSync, execFileSync } from "node:child_process"; L10: import { get as httpsGet } from "node:https"; L11: import { createInterface } from "node:readline"; L12: L13: const __dirname = dirname(fileURLToPath(import.meta.url)); L14: ... L16: const FLOWDECK_REPO_URL = "https://github.com/DVNghiem/FlowDeck.git"; L17: const FLOWDECK_INSTALL_DIR = process.env.FLOWDECK_INSTALL_DIR || join(homedir(), ".local", "share", "flowdeck"); L18: ... L93: } catch (err) { L94: console.warn("⚠️ Failed to clone FlowDeck repo:", String(err.stderr || err.message || err).split("\n")[0]);
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

postinstall.mjsView on unpkg · L8
src/rules/common/testing.mdView file
51patternName = generic_password severity = medium line = 51 matchedText = const in...' };
Medium
Secret Pattern

Hardcoded password in src/rules/common/testing.md

src/rules/common/testing.mdView on unpkg · L51
src/skills/django-tdd/SKILL.mdView file
66patternName = generic_password severity = medium line = 66 matchedText = password...123'
Medium
Secret Pattern

Hardcoded password in src/skills/django-tdd/SKILL.md

src/skills/django-tdd/SKILL.mdView on unpkg · L66
115patternName = generic_password severity = medium line = 115 matchedText = self.cli...23')
Medium
Secret Pattern

Hardcoded password in src/skills/django-tdd/SKILL.md

src/skills/django-tdd/SKILL.mdView on unpkg · L115

Findings

1 Critical5 High9 Medium6 Low
CriticalAi Agent Control Hijackpostinstall.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/index.js
HighShellpostinstall.mjs
HighSame File Env Network Executionpostinstall.mjs
HighSandbox Evasion Gated Capabilitypostinstall.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/rules/common/testing.md
MediumSecret Patternsrc/skills/django-tdd/SKILL.md
MediumSecret Patternsrc/skills/django-tdd/SKILL.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings