@fased/fased@0.1.14

Fased Agent self-hosted AI gateway with channels, tools, plugins, and operator modules

AI Security Review

scanned 1d ago · by lpm-firewall-ai

The confirmed issue is lifecycle-time mutation of the installing repository's Git hook path. It can disable or redirect project hooks without user consent during package install/build preparation.

Static reason
High-risk behavior combination matched malicious policy; previous stored version diff introduced dangerous source.
Trigger
npm prepare lifecycle in a git worktree
Impact
Unconsented VCS hook control-surface mutation in the consumer project; can alter future hook execution semantics.
Mechanism
git config core.hooksPath git-hooks
Attack narrative
On lifecycle prepare, the package checks for git and whether the current directory is inside a worktree, then rewrites core.hooksPath to git-hooks. This affects the consumer repository during install/preparation rather than being a user-invoked CLI action, and no packaged git-hooks directory was present to bound the behavior to a documented package-owned hook setup.
Rationale
Source inspection confirms an unguarded prepare hook that mutates Git hook configuration in the installing project; under the provided policy, unconsented lifecycle VCS hook mutation is blockable persistence. Other scanner hits are largely package-aligned Discord/AI gateway functionality, but they do not neutralize the lifecycle hook behavior.
Evidence
package.json, fased.mjs, dist/index.js, dist/send-BfoWn2uU.js, dist/send-pgDAogV8.js, .git/config, git-hooks

Decision evidence

public snapshot
AI called this Malicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • package.json prepare runs during npm lifecycle and executes git config core.hooksPath git-hooks when installed inside any git worktree.
  • The package file list does not include git-hooks, so lifecycle mutates the consumer repo's VCS hook configuration without shipping a package-owned hook directory.
  • This is unconsented install-time mutation of a project control surface, matching the VCS hook persistence policy.
Evidence against
  • fased.mjs only bootstraps the CLI and imports dist/entry.js; no install-time import execution found there.
  • dist/send-BfoWn2uU.js/dist/send-pgDAogV8.js Discord network and ffmpeg/ffprobe execution are channel-send features, not automatic exfiltration.
  • No evidence of credential harvesting or hardcoded exfiltration endpoint beyond configured service APIs.
Behavioral surface
Source
Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Native Bindings, Network, Shell, WebSocket
Supply chain
High Entropy Strings, Minified, Url Strings
Manifest: No manifest risk signals triggered.
scanned 1,513 file(s), 36.4 MB of source, external domains: 127.0.0.1, 192.168.1.100, 192.168.1.5, accounts.google.com, agent.example.com, ai-gateway.vercel.sh, aistudio.google.com, albumart.url, api.anthropic.com, api.botframework.com, api.chutes.ai, api.devnet.solana.com, api.elevenlabs.io, api.example.com, api.firecrawl.dev, api.github.com, api.individual.githubcopilot.com, api.jup.ag, api.kimi.com, api.mainnet-beta.solana.com, api.minimax.io, api.minimaxi.com, api.mistral.ai, api.moonshot.ai, api.moonshot.cn, api.openai.com, api.perplexity.ai, api.plivo.com, api.push.apple.com, api.sandbox.push.apple.com, api.synthetic.new, api.telegram.org, api.telnyx.com, api.together.xyz, api.twilio.com, api.venice.ai, api.voyageai.com, api.x.ai, api.xiaomimimo.com, api.z.ai, ark.ap-southeast.bytepluses.com, ark.cn-beijing.volces.com, arweave.net, auth.x.ai, autopush-cloudcode-pa.sandbox.googleapis.com, bot-api.zaloplatforms.com, bot.zaloplatforms.com, brave.com, brew.sh, bun.sh
Oversized source lightweight scan
dist/auth-B7xL5wBQ.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, WebSocket, Url Strings; domains: api.telegram.org, docs.fased.ai
dist/model-catalog-QdGjCBzQ.js: 4.48 MB file, sampled 256 KB
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, WebSocket, High Entropy Strings, Url Strings; domains: api.elevenlabs.io, api.openai.com, api.telegram.org
dist/pi-embedded-D-WBZS6e.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, WebSocket, High Entropy Strings, Url Strings; domains: api.anthropic.com, api.elevenlabs.io, api.openai.com, chatgpt.com, docs.fased.ai, github.com, openrouter.ai
dist/pi-embedded-IqgbZA5l.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, WebSocket, High Entropy Strings, Url Strings; domains: api.anthropic.com, api.elevenlabs.io, api.openai.com, chatgpt.com, docs.fased.ai, github.com, openrouter.ai
dist/plugin-sdk/reply-D9WhCAf0.js: 4.39 MB file, sampled 256 KB
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, WebSocket, High Entropy Strings, Url Strings; domains: docs.fased.ai, example.com
dist/plugin-sdk/status-BtSfRg0Y.js: 4.38 MB file, sampled 256 KB
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, WebSocket, High Entropy Strings, Url Strings; domains: 127.0.0.1, arweave.net, ipfs.io, lite-api.jup.ag
dist/reply-CHDxge29.js: 4.48 MB file, sampled 256 KB
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, WebSocket, High Entropy Strings, Url Strings; domains: 127.0.0.1, api.devnet.solana.com, api.mainnet-beta.solana.com, api.minimax.io, example.com

Source & flagged code

41 flagged
dist/paths-CcTInsz7.js
L8: import { createHmac } from "node:crypto";
L9: import { execFileSync, spawn } from "node:child_process";
L10: import { createServer } from "node:http";
High
Child Process

Package source references child process execution.

dist/paths-CcTInsz7.js · L8
dist/daemon-cli.js
L805: const isWindows = process.platform === "win32";
L806: return await execFileUtf8(isWindows ? process.env.ComSpec ?? "cmd.exe" : "launchctl", isWindows ? [
L807: "/d",
High
Shell

Package source references shell execution.

dist/daemon-cli.js · L805
L38: import fs$1 from "node:fs/promises";
L39: import { execFile, spawn } from "node:child_process";
L40: import { fileURLToPath } from "node:url";
...
L88: for (const basename of MANAGED_SCRIPT_BASENAMES) {
L89: const cwdCandidate = path.resolve(process.cwd(), "scripts", basename);
L90: seen.add(cwdCandidate);
...
L195: const { execFileSync } = await import("node:child_process");
L196: const cmd = process.platform === "win32" ? "where" : "which";
L197: try {
...
L202: } catch {
L203: if (binary === "bun") throw new Error("Bun not found in PATH. Install bun: https://bun.sh");
L204: throw new Error("Node not found in PATH. Install Node 22+.");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/daemon-cli.js · L38
L38: import fs$1 from "node:fs/promises";
L39: import { execFile, spawn } from "node:child_process";
L40: import { fileURLToPath } from "node:url";
...
L88: for (const basename of MANAGED_SCRIPT_BASENAMES) {
L89: const cwdCandidate = path.resolve(process.cwd(), "scripts", basename);
L90: seen.add(cwdCandidate);
...
L195: const { execFileSync } = await import("node:child_process");
L196: const cmd = process.platform === "win32" ? "where" : "which";
L197: try {
...
L202: } catch {
L203: if (binary === "bun") throw new Error("Bun not found in PATH. Install bun: https://bun.sh");
L204: throw new Error("Node not found in PATH. Install Node 22+.");
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/daemon-cli.js · L38
dist/query-expansion-aFF5iDSy.js
L84: //#region src/memory/sqlite.ts
L85: const require = createRequire(import.meta.url);
L86: function requireNodeSqlite() {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/query-expansion-aFF5iDSy.js · L84
extensions/voice-call/src/webhook-security.ts
L76: *
L77: * @see https://www.twilio.[redacted]-security
L78: */
...
L82: url: string,
L83: params: URLSearchParams,
L84: ): boolean {
...
L90:
L91: // HMAC-SHA1 with auth token, then base64 encode
L92: const expectedSignature = crypto
Low
Weak Crypto

Package source references weak cryptographic algorithms.

extensions/voice-call/src/webhook-security.ts · L76
dist/send-BfoWn2uU.js
L12: import fs from "node:fs/promises";
L13: import { execFile } from "node:child_process";
L14: import { promisify } from "node:util";
...
L129: //#region src/discord/api.ts
L130: const DISCORD_API_BASE = "https://discord.com/api/v10";
L131: const DISCORD_API_RETRY_DEFAULTS = {
...
L140: try {
L141: const payload = JSON.parse(trimmed);
L142: if (payload && typeof payload === "object") return payload;
...
L542: for (const guild of guilds) {
L543: const paramsObj = new URLSearchParams({
L544: query,
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/send-BfoWn2uU.js · L12
dist/send-pgDAogV8.js
Trigger-reachable chain: manifest.main -> dist/index.js -> dist/send-pgDAogV8.js
L15: import crypto from "node:crypto";
L16: import { execFile } from "node:child_process";
L17: import { Button, ChannelSelectMenu, CheckboxGroup, Container, Embed, File, Label, LinkButton, MediaGallery, MentionableSelectMenu, Modal, RadioGroup, RequestClient, RoleSelectMenu,...
...
L130: //#region src/discord/api.ts
L131: const DISCORD_API_BASE = "https://discord.com/api/v10";
L132: const DISCORD_API_RETRY_DEFAULTS = {
...
L141: try {
L142: const payload = JSON.parse(trimmed);
L143: if (payload && typeof payload === "object") return payload;
...
L543: for (const guild of guilds) {
L544: const paramsObj = new URLSearchParams({
L545: query,
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/send-pgDAogV8.js · L15
scripts/start-managed.sh
path = scripts/start-managed.sh; kind = build_helper; sizeBytes = 56771; magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/start-managed.sh
dist/pi-embedded-IqgbZA5l.js
path = dist/pi-embedded-IqgbZA5l.js; kind = oversized_source_file; sizeBytes = 4594561; magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/pi-embedded-IqgbZA5l.js
dist/node-cli-DniBkXLM.js
matchType = previous_version_dangerous_delta; matchedPackage = @fased/fased@0.1.13; matchedIdentity = npm:QGZhc2VkL2Zhc2Vk:0.1.13; similarity = 0.867; summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/node-cli-DniBkXLM.js
docs/zh-CN/gateway/tailscale.md
L80: patternName = generic_password; severity = medium; line = 80; matchedText = auth: { ..." },
Medium
Secret Pattern

Hardcoded password in docs/zh-CN/gateway/tailscale.md

docs/zh-CN/gateway/tailscale.md · L80
docs/zh-CN/gateway/configuration.md
L3027: patternName = generic_password; severity = medium; line = 3027; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/zh-CN/gateway/configuration.md

docs/zh-CN/gateway/configuration.md · L3027
docs/zh-CN/channels/bluebubbles.md
L43: patternName = generic_password; severity = medium; line = 43; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/zh-CN/channels/bluebubbles.md

docs/zh-CN/channels/bluebubbles.md · L43
docs/gateway/tailscale.md
L128: patternName = generic_password; severity = medium; line = 128; matchedText = auth: { ..." },
Medium
Secret Pattern

Hardcoded password in docs/gateway/tailscale.md

docs/gateway/tailscale.md · L128
docs/gateway/configuration-reference.md
L629: patternName = generic_password; severity = medium; line = 629; matchedText = password...D}",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.md · L629
L2371: patternName = generic_password; severity = medium; line = 2371; matchedText = // passw...WORD
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.md · L2371
L2398: patternName = generic_password; severity = medium; line = 2398; matchedText = // passw...rd",
Medium
Secret Pattern

Hardcoded password in docs/gateway/configuration-reference.md

docs/gateway/configuration-reference.md · L2398
docs/channels/bluebubbles.md
L51: patternName = generic_password; severity = medium; line = 51; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in docs/channels/bluebubbles.md

docs/channels/bluebubbles.md · L51
extensions/irc/src/client.test.ts
L39: patternName = generic_password; severity = medium; line = 39; matchedText = password...ad",
Medium
Secret Pattern

Hardcoded password in extensions/irc/src/client.test.ts

extensions/irc/src/client.test.ts · L39
extensions/bluebubbles/src/attachments.test.ts
L90: patternName = generic_password; severity = medium; line = 90; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L90
L100: patternName = generic_password; severity = medium; line = 100; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L100
L132: patternName = generic_password; severity = medium; line = 132; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L132
L154: patternName = generic_password; severity = medium; line = 154; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L154
L260: patternName = generic_password; severity = medium; line = 260; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/attachments.test.ts

extensions/bluebubbles/src/attachments.test.ts · L260
extensions/bluebubbles/src/send.test.ts
L733: patternName = generic_password; severity = medium; line = 733; matchedText = password...ss",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/send.test.ts

extensions/bluebubbles/src/send.test.ts · L733
extensions/bluebubbles/src/monitor.test.ts
L303: patternName = generic_password; severity = medium; line = 303; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L303
L563: patternName = generic_password; severity = medium; line = 563; matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L563
L599: patternName = generic_password; severity = medium; line = 599; matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L599
L639: patternName = generic_password; severity = medium; line = 639; matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L639
L674: patternName = generic_password; severity = medium; line = 674; matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L674
L675: patternName = generic_password; severity = medium; line = 675; matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L675
L728: patternName = generic_password; severity = medium; line = 728; matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L728
L782: patternName = generic_password; severity = medium; line = 782; matchedText = const ac... });
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L782
L3088: patternName = generic_password; severity = medium; line = 3088; matchedText = ...creat... }),
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L3088
L3092: patternName = generic_password; severity = medium; line = 3092; matchedText = ...creat... }),
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/monitor.test.ts

extensions/bluebubbles/src/monitor.test.ts · L3092
extensions/bluebubbles/src/actions.test.ts
L54: patternName = generic_password; severity = medium; line = 54; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L54
L95: patternName = generic_password; severity = medium; line = 95; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L95
L109: patternName = generic_password; severity = medium; line = 109; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L109
L128: patternName = generic_password; severity = medium; line = 128; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L128
L207: patternName = generic_password; severity = medium; line = 207; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in extensions/bluebubbles/src/actions.test.ts

extensions/bluebubbles/src/actions.test.ts · L207

Findings

3 Critical · 4 High · 36 Medium · 7 Low
Critical · Command Output Exfiltration · dist/send-BfoWn2uU.js
Critical · Trigger Reachable Dangerous Capability · dist/send-pgDAogV8.js
Critical · Previous Version Dangerous Delta · dist/node-cli-DniBkXLM.js
High · Child Process · dist/paths-CcTInsz7.js
High · Shell · dist/daemon-cli.js
High · Sandbox Evasion Gated Capability · dist/daemon-cli.js
High · Oversized Source File · dist/pi-embedded-IqgbZA5l.js
Medium · Dynamic Require · dist/query-expansion-aFF5iDSy.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/daemon-cli.js
Medium · Ships Build Helper · scripts/start-managed.sh
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · docs/zh-CN/gateway/tailscale.md
Medium · Secret Pattern · docs/zh-CN/gateway/configuration.md
Medium · Secret Pattern · docs/zh-CN/channels/bluebubbles.md
Medium · Secret Pattern · docs/gateway/tailscale.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/channels/bluebubbles.md
Medium · Secret Pattern · extensions/irc/src/client.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/send.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval
Low · Weak Crypto · extensions/voice-call/src/webhook-security.ts
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings