registry  /  @eborja/synapse  /  0.1.7

@eborja/synapse@0.1.7

Synapse — the context-vault engine: a manifest-driven, role-based knowledge-graph renderer with semantic recall, SQL records tooling, linting, and a pluggable agent CLI. Package-agnostic; consumers keep their own vault + context.manifest.json.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `synapse install --write`, `synapse gate off`, or `synapse setup --write`/`--yes`.
Impact
Adds a sourced package shell helper, grants Claude Code access to the selected vault repo, and can disable the package-defined vault gate; optional setup executes Ollama's install command.
Mechanism
Explicit shell/AI-agent configuration mutation and optional Ollama provisioning.
Rationale
The package contains real, privileged AI-agent and shell setup features, so it warrants a warning under the explicit-user-command agent-config policy. Source inspection found no unconsented lifecycle execution or concrete malicious behavior.
Evidence
package.jsonbin/synapse.mjslib/install.mjslib/setup.mjslib/gen-embeddings.mjsagents.sh$HOME/.zshrc$HOME/.bashrc$HOME/.bash_profile$HOME/.claude/settings.json$HOME/.claude/CLAUDE.md$HOME/.claude/vault-gate-off
Network endpoints4
ollama.com/install.shlocalhost:11434/api/tagslocalhost:11434/api/embedlocalhost:11434/api/embeddings

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/install.mjs` explicitly writes shell RC and Claude configuration only with `synapse install --write`.
  • `lib/install.mjs` adds the resolved repo to `~/.claude/settings.json` additional directories and appends `~/.claude/CLAUDE.md`.
  • `agents.sh` defines `vault-gate off`, which writes `$HOME/.claude/vault-gate-off` when explicitly invoked.
  • `lib/setup.mjs` can pipe `https://ollama.com/install.sh` to `sh`, but only after an interactive confirmation or explicit `--write`/`--yes`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • `bin/synapse.mjs` dynamically imports only a fixed allowlisted command-to-file map.
  • Embedding traffic targets local Ollama by default (`http://localhost:11434`) and sends vault text only to the configured Ollama base.
  • No credential harvesting, remote payload import, stealth persistence, destructive deletion, or network exfiltration was found.
  • `synapse install` is dry-run unless the user supplies `--write`; setup is advisory off a TTY by default.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 15 file(s), 99.8 KB of source, external domains: ollama.com

Source & flagged code

6 flagged · loading source
lib/augment.mjsView file
34import { fileURLToPath } from "node:url"; L35: import { spawnSync } from "node:child_process"; L36: import {
High
Child Process

Package source references child process execution.

lib/augment.mjsView on unpkg · L34
bin/synapse.mjsView file
74process.argv = [process.argv[0], join(LIB, file), ...rest]; L75: await import(join(LIB, file));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/synapse.mjsView on unpkg · L74
lib/setup.mjsView file
48let ollamaOnPath = false; L49: try { execSync("command -v ollama", { stdio: "ignore", shell: process.env.SHELL || "/bin/sh" }); ollamaOnPath = true; } catch { /* not found */ } L50: ... L53: if (process.platform === "darwin") return { cmd: "brew install ollama", run: () => spawnSync("brew", ["install", "ollama"], { stdio: "inherit" }) }; L54: if (process.platform === "linux") return { cmd: "curl -fsSL https://ollama.com/install.sh | sh", run: () => spawnSync("sh", ["-c", "curl -fsSL https://ollama.com/install.sh | sh"],... L55: return { cmd: "see https://ollama.com/download", run: null };
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

lib/setup.mjsView on unpkg · L48
17L18: import { execSync, spawnSync } from "node:child_process"; L19: import { createInterface } from "node:readline"; ... L36: if (!interactive) return false; // non-TTY / --no-input → advisory (don't act) L37: const rl = createInterface({ input: process.stdin, output: process.stdout }); L38: try { ... L48: let ollamaOnPath = false; L49: try { execSync("command -v ollama", { stdio: "ignore", shell: process.env.SHELL || "/bin/sh" }); ollamaOnPath = true; } catch { /* not found */ } L50: ... L52: // Returns { cmd, run } for the current platform — `run` executes it inheriting stdio. L53: if (process.platform === "darwin") return { cmd: "brew install ollama", run: () => spawnSync("brew", ["install", "ollama"], { stdio: "inherit" }) }; L54: if (process.platform === "linux") return { cmd: "curl -fsSL https://ollama.com/install.sh | sh", run: () => spawnSync("sh", ["-c", "curl -fsSL https://ollama.com/install.sh | sh"],...
Critical
Download Execute

Source downloads or fetches remote code and executes it.

lib/setup.mjsView on unpkg · L17
17L18: import { execSync, spawnSync } from "node:child_process"; L19: import { createInterface } from "node:readline"; ... L36: if (!interactive) return false; // non-TTY / --no-input → advisory (don't act) L37: const rl = createInterface({ input: process.stdin, output: process.stdout }); L38: try { ... L48: let ollamaOnPath = false; L49: try { execSync("command -v ollama", { stdio: "ignore", shell: process.env.SHELL || "/bin/sh" }); ollamaOnPath = true; } catch { /* not found */ } L50: ... L52: // Returns { cmd, run } for the current platform — `run` executes it inheriting stdio. L53: if (process.platform === "darwin") return { cmd: "brew install ollama", run: () => spawnSync("brew", ["install", "ollama"], { stdio: "inherit" }) }; L54: if (process.platform === "linux") return { cmd: "curl -fsSL https://ollama.com/install.sh | sh", run: () => spawnSync("sh", ["-c", "curl -fsSL https://ollama.com/install.sh | sh"],...
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/setup.mjsView on unpkg · L17
agents.shView file
path = agents.sh kind = build_helper sizeBytes = 51204 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

agents.shView on unpkg

Findings

2 Critical3 High5 Medium4 Low
CriticalSame File Env Network Executionlib/setup.mjs
CriticalDownload Executelib/setup.mjs
HighChild Processlib/augment.mjs
HighShell
HighSandbox Evasion Gated Capabilitylib/setup.mjs
MediumDynamic Requirebin/synapse.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperagents.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings