@fased/fased@0.1.13

Fased Agent self-hosted AI gateway with channels, tools, plugins, and operator modules

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Risky primitives are aligned with a self-hosted AI gateway and messaging CLI: configured provider auth, Discord sending, and audio conversion.

Static reason: High-risk behavior combination matched malicious policy.
Trigger: User runs the fased CLI or explicit npm prepare in a git worktree
Impact: No unauthorized exfiltration or destructive effect confirmed by source inspection
Mechanism: package-aligned CLI, onboarding, messaging, and media conversion features
Rationale: Scanner findings map to legitimate CLI capabilities: Discord messaging, provider credential onboarding, local browser relay, and media conversion. The prepare hook is questionable packaging hygiene but only sets a local git hooks path when run inside a git worktree, with no confirmed malicious payload or exfiltration.
Evidence: package.json, fased.mjs, scripts/run-node.mjs, dist/index.js, dist/send-pgDAogV8.js, dist/auth-choice-DT4p5QVd.js, dist/paths-CcTInsz7.js
Network endpoints (3): discord.com/api/v10, discord.com/api/v10/webhooks/, github.com/login/oauth/access_token

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json has a prepare hook that runs git config core.hooksPath git-hooks when inside a git worktree.
  • dist/send-pgDAogV8.js can send Discord messages/webhooks and upload media to Discord under runtime options.
  • dist/send-pgDAogV8.js invokes ffprobe/ffmpeg for user-requested Discord voice message conversion.
Evidence against
  • fased.mjs only bootstraps dist entry and warning filter; no install-time exfiltration observed.
  • dist/index.js import-time work loads dotenv, normalizes env, builds CLI, and only parses commands when run as main.
  • dist/auth-choice-DT4p5QVd.js handles explicit onboarding secrets/OAuth and stores configured auth profiles, not ambient credential harvesting.
  • Discord network endpoints in dist/send-pgDAogV8.js are package-aligned messaging features using configured tokens/targets.
  • No evidence of hidden payload download, persistence, destructive behavior, or unauthorized AI-agent control-surface mutation.
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, NativeBindings, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 1,513 file(s), 36.4 MB of source, external domains: 127.0.0.1, 192.168.1.100, 192.168.1.5, accounts.google.com, agent.example.com, ai-gateway.vercel.sh, aistudio.google.com, albumart.url, api.anthropic.com, api.botframework.com, api.chutes.ai, api.devnet.solana.com, api.elevenlabs.io, api.example.com, api.firecrawl.dev, api.github.com, api.individual.githubcopilot.com, api.jup.ag, api.kimi.com, api.mainnet-beta.solana.com, api.minimax.io, api.minimaxi.com, api.mistral.ai, api.moonshot.ai, api.moonshot.cn, api.openai.com, api.perplexity.ai, api.plivo.com, api.push.apple.com, api.sandbox.push.apple.com, api.synthetic.new, api.telegram.org, api.telnyx.com, api.together.xyz, api.twilio.com, api.venice.ai, api.voyageai.com, api.x.ai, api.xiaomimimo.com, api.z.ai, ark.ap-southeast.bytepluses.com, ark.cn-beijing.volces.com, arweave.net, auth.x.ai, autopush-cloudcode-pa.sandbox.googleapis.com, bot-api.zaloplatforms.com, bot.zaloplatforms.com, brave.com, brew.sh, bun.sh
Oversized source lightweight scan
dist/auth-Ba9Dk7FX.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, UrlStrings, api.telegram.org, docs.fased.ai
dist/model-catalog-hjXNofhs.js: 4.48 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings, api.elevenlabs.io, api.openai.com, api.telegram.org
dist/pi-embedded-BvqQUzWN.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings, api.anthropic.com, api.elevenlabs.io, api.openai.com, chatgpt.com, docs.fased.ai, github.com, openrouter.ai
dist/pi-embedded-F3Zt8ed6.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings, api.anthropic.com, api.elevenlabs.io, api.openai.com, chatgpt.com, docs.fased.ai, github.com, openrouter.ai
dist/plugin-sdk/reply-DQvYSWCp.js: 4.39 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings, docs.fased.ai, example.com
dist/plugin-sdk/status-KYehxhnn.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings, 127.0.0.1, arweave.net, ipfs.io, lite-api.jup.ag
dist/reply-Baz1gE0S.js: 4.48 MB file, sampled 256 KB
Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings, 127.0.0.1, api.devnet.solana.com, api.mainnet-beta.solana.com, api.minimax.io, example.com

Source & flagged code

41 flagged
dist/paths-CcTInsz7.js
L8: import { createHmac } from "node:crypto"; L9: import { execFileSync, spawn } from "node:child_process"; L10: import { createServer } from "node:http";
High
Child Process

Package source references child process execution.

dist/paths-CcTInsz7.js · L8
extensions/acpx/src/runtime-internals/process.ts
L33: args: params.args, L34: shell: true, L35: };
High
Shell

Package source references shell execution.

extensions/acpx/src/runtime-internals/process.ts · L33
dist/query-expansion-aFF5iDSy.js
L84: //#region src/memory/sqlite.ts L85: const require = createRequire(import.meta.url); L86: function requireNodeSqlite() {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/query-expansion-aFF5iDSy.js · L84
extensions/voice-call/src/webhook-security.ts
L76: * L77: * @see https://www.twilio.[redacted]-security L78: */ ... L82: url: string, L83: params: URLSearchParams, L84: ): boolean { ... L90: L91: // HMAC-SHA1 with auth token, then base64 encode L92: const expectedSignature = crypto
Low
Weak Crypto

Package source references weak cryptographic algorithms.

extensions/voice-call/src/webhook-security.ts · L76
dist/completion-cli-BS5owZSW.js
L1: import { t as __exportAll } from "./rolldown-runtime-Cbj13DAv.js"; L2: import { gu as routeLogsToStderr } from "./env-DZf2YiRU.js"; L3: import { H as theme, _ as pathExists } from "./agent-paths-DUHGyU1s.js"; ... L52: "bash", L53: "powershell", L54: "fish" ... L58: } L59: function resolveShellFromEnv(env = process.env) { L60: const shellPath = env.SHELL?.trim() ?? ""; ... L73: function resolveCompletionCacheDir(env = process.env) { L74: const stateDir = resolveStateDir(env, os.homedir); L75: return path.join(stateDir, "completions");
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/completion-cli-BS5owZSW.js · L1
dist/auth-choice-DT4p5QVd.js
L1: import { $r as XIAOMI_DEFAULT_MODEL_ID, $s as VERCEL_AI_GATEWAY_MODEL_REFS, Bc as [redacted], Bi as parseOAuthCallbackInput, Bs as ZAI_MODEL_REFS, Cc as LITE... L2: import { n as resolveFasedAgentAgentDir } from "./agent-paths-DUHGyU1s.js"; ... L16: import { loginAnthropic, loginOpenAICodex } from "@mariozechner/pi-ai"; L17: import { createServer } from "node:http"; L18: import { intro, note, outro, spinner } from "@clack/prompts"; ... L84: params.spin.stop("OAuth URL ready"); L85: manualCodePromise = params.prompter.text({ L86: message: [ ... L244: if (!fallbackEnvVar) throw new Error(`No default environment variable mapping found for provider "${params.provider}". Set a provider-specific env var, or re-run onboarding in an i... L245: const value = process.env[fallbackEnvVar]?.trim(); L246: if (!value) throw new Error(`Environment variable "${fallbackEnvVar}" is required for --secret-input-mode ref in non-interactive onboarding.`); ... L520: if (process.env.REMOTE_CONTAINERS || process.env.CODESPACES) return true;
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/auth-choice-DT4p5QVd.js · L1
dist/send-pgDAogV8.js
L15: import crypto from "node:crypto"; L16: import { execFile } from "node:child_process"; L17: import { Button, ChannelSelectMenu, CheckboxGroup, Container, Embed, File, Label, LinkButton, MediaGallery, MentionableSelectMenu, Modal, RadioGroup, RequestClient, RoleSelectMenu,... ... L130: //#region src/discord/api.ts L131: const DISCORD_API_BASE = "https://discord.com/api/v10"; L132: const DISCORD_API_RETRY_DEFAULTS = { ... L141: try { L142: const payload = JSON.parse(trimmed); L143: if (payload && typeof payload === "object") return payload; ... L543: for (const guild of guilds) { L544: const paramsObj = new URLSearchParams({ L545: query,
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/send-pgDAogV8.js · L15
Trigger-reachable chain: manifest.main -> dist/index.js -> dist/send-pgDAogV8.js L15: import crypto from "node:crypto"; L16: import { execFile } from "node:child_process"; L17: import { Button, ChannelSelectMenu, CheckboxGroup, Container, Embed, File, Label, LinkButton, MediaGallery, MentionableSelectMenu, Modal, RadioGroup, RequestClient, RoleSelectMenu,... ... L130: //#region src/discord/api.ts L131: const DISCORD_API_BASE = "https://discord.com/api/v10"; L132: const DISCORD_API_RETRY_DEFAULTS = { ... L141: try { L142: const payload = JSON.parse(trimmed); L143: if (payload && typeof payload === "object") return payload; ... L543: for (const guild of guilds) { L544: const paramsObj = new URLSearchParams({ L545: query,
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/send-pgDAogV8.js · L15
scripts/start-managed.sh
path = scripts/start-managed.sh kind = build_helper sizeBytes = 56771 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/start-managed.sh
dist/model-catalog-hjXNofhs.js
path = dist/model-catalog-hjXNofhs.js kind = oversized_source_file sizeBytes = 4696375 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/model-catalog-hjXNofhs.js
docs/zh-CN/gateway/tailscale.md
L80: patternName = generic_password severity = medium line = 80 matchedText = auth: { ..." },
Medium
Secret Pattern

Hardcoded password in docs/zh-CN/gateway/tailscale.md

docs/zh-CN/gateway/tailscale.md · L80
docs/zh-CN/gateway/configuration.md
L3027: patternName = generic_password severity = medium line = 3027 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/zh-CN/gateway/configuration.md

docs/zh-CN/gateway/configuration.md · L3027
docs/zh-CN/channels/bluebubbles.md
L43: patternName = generic_password severity = medium line = 43 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/zh-CN/channels/bluebubbles.md

docs/zh-CN/channels/bluebubbles.md · L43
docs/gateway/tailscale.md
L128: patternName = generic_password severity = medium line = 128 matchedText = auth: { ..." },
Medium
Secret Pattern

Hardcoded password in docs/gateway/tailscale.md

docs/gateway/tailscale.md · L128
docs/gateway/configuration-reference.md
L629: patternName = generic_password severity = medium line = 629 matchedText = password...D}",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.md · L629
L2371: patternName = generic_password severity = medium line = 2371 matchedText = // passw...WORD
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.md · L2371
L2398: patternName = generic_password severity = medium line = 2398 matchedText = // passw...rd",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.md · L2398
docs/channels/bluebubbles.md
L51: patternName = generic_password severity = medium line = 51 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/channels/bluebubbles.md

docs/channels/bluebubbles.md · L51
extensions/irc/src/client.test.ts
L39: patternName = generic_password severity = medium line = 39 matchedText = password...ad",
Medium
Secret Pattern

Hardcoded password in extensions/irc/src/client.test.ts

extensions/irc/src/client.test.ts · L39
extensions/bluebubbles/src/attachments.test.ts
L90: patternName = generic_password severity = medium line = 90 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L90
L100: patternName = generic_password severity = medium line = 100 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L100
L132: patternName = generic_password severity = medium line = 132 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L132
L154: patternName = generic_password severity = medium line = 154 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L154
L260: patternName = generic_password severity = medium line = 260 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L260
extensions/bluebubbles/src/send.test.ts
L733: patternName = generic_password severity = medium line = 733 matchedText = password...ss",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/send.test.ts

extensions/bluebubbles/src/send.test.ts · L733
extensions/bluebubbles/src/monitor.test.ts
L303: patternName = generic_password severity = medium line = 303 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L303
L563: patternName = generic_password severity = medium line = 563 matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L563
L599: patternName = generic_password severity = medium line = 599 matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L599
L639: patternName = generic_password severity = medium line = 639 matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L639
L674: patternName = generic_password severity = medium line = 674 matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L674
L675: patternName = generic_password severity = medium line = 675 matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L675
L728: patternName = generic_password severity = medium line = 728 matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L728
L782: patternName = generic_password severity = medium line = 782 matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L782
L3088: patternName = generic_password severity = medium line = 3088 matchedText = ...creat... }),
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L3088
L3092: patternName = generic_password severity = medium line = 3092 matchedText = ...creat... }),
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L3092
extensions/bluebubbles/src/actions.test.ts
L54: patternName = generic_password severity = medium line = 54 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L54
L95: patternName = generic_password severity = medium line = 95 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L95
L109: patternName = generic_password severity = medium line = 109 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L109
L128: patternName = generic_password severity = medium line = 128 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L128
L207: patternName = generic_password severity = medium line = 207 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L207
L226: patternName = generic_password severity = medium line = 226 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L226

Findings

3 Critical, 3 High, 37 Medium, 7 Low
Critical · Credential Exfiltration · dist/auth-choice-DT4p5QVd.js
Critical · Command Output Exfiltration · dist/send-pgDAogV8.js
Critical · Trigger Reachable Dangerous Capability · dist/send-pgDAogV8.js
High · Child Process · dist/paths-CcTInsz7.js
High · Shell · extensions/acpx/src/runtime-internals/process.ts
High · Oversized Source File · dist/model-catalog-hjXNofhs.js
Medium · Dynamic Require · dist/query-expansion-aFF5iDSy.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/completion-cli-BS5owZSW.js
Medium · Ships Build Helper · scripts/start-managed.sh
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · docs/zh-CN/gateway/tailscale.md
Medium · Secret Pattern · docs/zh-CN/gateway/configuration.md
Medium · Secret Pattern · docs/zh-CN/channels/bluebubbles.md
Medium · Secret Pattern · docs/gateway/tailscale.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/channels/bluebubbles.md
Medium · Secret Pattern · extensions/irc/src/client.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/send.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval
Low · Weak Crypto · extensions/voice-call/src/webhook-security.ts
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings