registry  /  @eborja/synapse  /  0.1.4

@eborja/synapse@0.1.4

Synapse — the context-vault engine: a manifest-driven, role-based knowledge-graph renderer with semantic recall, SQL records tooling, linting, and a pluggable agent CLI. Package-agnostic; consumers keep their own vault + context.manifest.json.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `synapse install --write` command persists a package-owned shell/Claude Code integration. The explicit `synapse setup --write` command may download and execute Ollama's Linux installer.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs `synapse install --write` or `synapse setup --write`/`--yes`.
Impact
Changes shell and Claude Code configuration; Linux setup may execute a remote installer.
Mechanism
Opt-in agent integration persistence and opt-in runtime provisioning.
Rationale
Source inspection does not support a malicious verdict, but the package has explicit user-invoked persistence and remote-installer capabilities affecting AI-agent tooling. Warn rather than block under the stated lifecycle policy.
Evidence
package.jsonbin/synapse.mjslib/install.mjslib/setup.mjslib/gen-embeddings.mjsagents.sh~/.bash_profile~/.bashrc~/.zshrc~/.claude/settings.json~/.claude/CLAUDE.md
Network endpoints2
localhost:11434ollama.com/install.sh

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/install.mjs` persists shell startup sourcing and modifies `~/.claude/settings.json` plus `~/.claude/CLAUDE.md` when explicitly run with `synapse install --write`.
  • `lib/setup.mjs` can execute `curl -fsSL https://ollama.com/install.sh | sh` on Linux, but only after an interactive confirmation or explicit `--write`/`--yes`.
  • `agents.sh` provides persistent AI-agent launch and gate controls once the user sources it.
Evidence against
  • `package.json` has no npm lifecycle hooks, so installation does not execute package code.
  • `lib/install.mjs` defaults to a printed dry run; its writes require explicit `--write`.
  • `lib/setup.mjs` is advisory off-TTY and prompts by default before installing Ollama or pulling a model.
  • Embedding traffic defaults to local Ollama at `http://localhost:11434`; no credential harvesting or exfiltration was found.
  • CLI dynamic import is restricted to a fixed command-to-file map in `bin/synapse.mjs`.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 15 file(s), 99.8 KB of source, external domains: ollama.com

Source & flagged code

7 flagged · loading source
lib/augment.mjsView file
34import { fileURLToPath } from "node:url"; L35: import { spawnSync } from "node:child_process"; L36: import {
High
Child Process

Package source references child process execution.

lib/augment.mjsView on unpkg · L34
bin/synapse.mjsView file
74process.argv = [process.argv[0], join(LIB, file), ...rest]; L75: await import(join(LIB, file));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/synapse.mjsView on unpkg · L74
lib/setup.mjsView file
48let ollamaOnPath = false; L49: try { execSync("command -v ollama", { stdio: "ignore", shell: process.env.SHELL || "/bin/sh" }); ollamaOnPath = true; } catch { /* not found */ } L50: ... L53: if (process.platform === "darwin") return { cmd: "brew install ollama", run: () => spawnSync("brew", ["install", "ollama"], { stdio: "inherit" }) }; L54: if (process.platform === "linux") return { cmd: "curl -fsSL https://ollama.com/install.sh | sh", run: () => spawnSync("sh", ["-c", "curl -fsSL https://ollama.com/install.sh | sh"],... L55: return { cmd: "see https://ollama.com/download", run: null };
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

lib/setup.mjsView on unpkg · L48
17L18: import { execSync, spawnSync } from "node:child_process"; L19: import { createInterface } from "node:readline"; ... L36: if (!interactive) return false; // non-TTY / --no-input → advisory (don't act) L37: const rl = createInterface({ input: process.stdin, output: process.stdout }); L38: try { ... L48: let ollamaOnPath = false; L49: try { execSync("command -v ollama", { stdio: "ignore", shell: process.env.SHELL || "/bin/sh" }); ollamaOnPath = true; } catch { /* not found */ } L50: ... L52: // Returns { cmd, run } for the current platform — `run` executes it inheriting stdio. L53: if (process.platform === "darwin") return { cmd: "brew install ollama", run: () => spawnSync("brew", ["install", "ollama"], { stdio: "inherit" }) }; L54: if (process.platform === "linux") return { cmd: "curl -fsSL https://ollama.com/install.sh | sh", run: () => spawnSync("sh", ["-c", "curl -fsSL https://ollama.com/install.sh | sh"],...
Critical
Download Execute

Source downloads or fetches remote code and executes it.

lib/setup.mjsView on unpkg · L17
17L18: import { execSync, spawnSync } from "node:child_process"; L19: import { createInterface } from "node:readline"; ... L36: if (!interactive) return false; // non-TTY / --no-input → advisory (don't act) L37: const rl = createInterface({ input: process.stdin, output: process.stdout }); L38: try { ... L48: let ollamaOnPath = false; L49: try { execSync("command -v ollama", { stdio: "ignore", shell: process.env.SHELL || "/bin/sh" }); ollamaOnPath = true; } catch { /* not found */ } L50: ... L52: // Returns { cmd, run } for the current platform — `run` executes it inheriting stdio. L53: if (process.platform === "darwin") return { cmd: "brew install ollama", run: () => spawnSync("brew", ["install", "ollama"], { stdio: "inherit" }) }; L54: if (process.platform === "linux") return { cmd: "curl -fsSL https://ollama.com/install.sh | sh", run: () => spawnSync("sh", ["-c", "curl -fsSL https://ollama.com/install.sh | sh"],...
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/setup.mjsView on unpkg · L17
agents.shView file
path = agents.sh kind = build_helper sizeBytes = 48200 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

agents.shView on unpkg
lib/install.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @eborja/synapse@0.1.1 matchedIdentity = npm:QGVib3JqYS9zeW5hcHNl:0.1.1 similarity = 0.867 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/install.mjsView on unpkg

Findings

3 Critical3 High5 Medium4 Low
CriticalSame File Env Network Executionlib/setup.mjs
CriticalDownload Executelib/setup.mjs
CriticalPrevious Version Dangerous Deltalib/install.mjs
HighChild Processlib/augment.mjs
HighShell
HighSandbox Evasion Gated Capabilitylib/setup.mjs
MediumDynamic Requirebin/synapse.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperagents.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings