@fased/fased@0.1.17

Fased Agent self-hosted AI gateway with channels, tools, plugins, and operator modules

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time lifecycle code rewrites the enclosing Git repository hook path. This is an unconsented VCS control-surface mutation during npm lifecycle execution.

Static reason: High-risk behavior combination matched malicious policy; previous stored version diff introduced dangerous source.
Trigger: npm lifecycle prepare during install from a git/local source or other prepare-running install mode inside a Git worktree.
Impact: Can redirect or disable project Git hooks and establishes lifecycle-driven persistence/control over VCS hook behavior.
Mechanism: git config core.hooksPath rewrite.
Rationale: Source inspection confirms lifecycle-triggered Git configuration mutation rather than a user-invoked CLI operation. The scanner's remote execution label was not confirmed, but the prepare hook is sufficient for a block under the VCS persistence policy. Product guard normalized prepare-only VCS hook persistence to warn-only (suspicious) because, absent stronger abuse evidence, prepare is not a normal registry install trigger.
Evidence: package.json, fased.mjs, dist/agent-scope-Cb1u7HE7.js, dist/agent-scope-DHrLr5OF.js, dist/register.start-BbpJgyXr.js, dist/daemon-cli.js, .git/config, git-hooks

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json has lifecycle prepare hook: git config core.hooksPath git-hooks
  • prepare runs git rev-parse from install cwd and can mutate the enclosing consumer repo config
  • No git-hooks directory is shipped, so the hook path rewrite is not a guarded package-owned extension install
Evidence against
  • fased.mjs only bootstraps dist entry on explicit CLI execution
  • dist/agent-scope-Cb1u7HE7.js network/API code appears tied to configured AI providers and OAuth flows
  • Scanner remote-decode hint maps to Buffer.from(base64url) JWT parsing, not confirmed remote code execution
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, NativeBindings, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 1,513 file(s), 36.5 MB of source, external domains: 127.0.0.1, 192.168.1.100, 192.168.1.5, accounts.google.com, agent.example.com, ai-gateway.vercel.sh, aistudio.google.com, albumart.url, api.anthropic.com, api.botframework.com, api.chutes.ai, api.devnet.solana.com, api.elevenlabs.io, api.example.com, api.firecrawl.dev, api.github.com, api.individual.githubcopilot.com, api.jup.ag, api.kimi.com, api.mainnet-beta.solana.com, api.minimax.io, api.minimaxi.com, api.mistral.ai, api.moonshot.ai, api.moonshot.cn, api.openai.com, api.perplexity.ai, api.plivo.com, api.push.apple.com, api.sandbox.push.apple.com, api.synthetic.new, api.telegram.org, api.telnyx.com, api.together.xyz, api.twilio.com, api.venice.ai, api.voyageai.com, api.x.ai, api.xiaomimimo.com, api.z.ai, ark.ap-southeast.bytepluses.com, ark.cn-beijing.volces.com, arweave.net, auth.x.ai, autopush-cloudcode-pa.sandbox.googleapis.com, bot-api.zaloplatforms.com, bot.zaloplatforms.com, brave.com, brew.sh, bun.sh
Oversized source lightweight scan
dist/auth-CqkGNO1B.js: 4.38 MB file, sampled 256 KB
  signals: Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, UrlStrings; domains: api.telegram.org, docs.fased.ai
dist/model-catalog-B3hPEPfU.js: 4.48 MB file, sampled 256 KB
  signals: Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings; domains: api.elevenlabs.io, api.openai.com, api.telegram.org
dist/pi-embedded-B-qXRnRI.js: 4.38 MB file, sampled 256 KB
  signals: Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings; domains: api.anthropic.com, api.elevenlabs.io, api.openai.com, chatgpt.com, docs.fased.ai, github.com, openrouter.ai
dist/pi-embedded-BZv4Mjvw.js: 4.38 MB file, sampled 256 KB
  signals: Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings; domains: api.anthropic.com, api.elevenlabs.io, api.openai.com, chatgpt.com, docs.fased.ai, github.com, openrouter.ai
dist/plugin-sdk/reply-BlEQIxRB.js: 4.39 MB file, sampled 256 KB
  signals: Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings; domains: docs.fased.ai, example.com
dist/plugin-sdk/status-C5KavVSM.js: 4.38 MB file, sampled 256 KB
  signals: Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings; domains: 127.0.0.1, arweave.net, ipfs.io, lite-api.jup.ag
dist/reply-jd1xrxXq.js: 4.48 MB file, sampled 256 KB
  signals: Filesystem, Network, ChildProcess, EnvironmentVars, Crypto, Shell, WebSocket, HighEntropyStrings, UrlStrings; domains: 127.0.0.1, api.devnet.solana.com, api.mainnet-beta.solana.com, api.minimax.io, example.com

Source & flagged code

41 flagged
File: dist/register.start-BbpJgyXr.js
L10: import { i as resolveGatewayStartupMode } from "./daemon-install-helpers-xM3QqMXu.js";
L11: import { spawn } from "node:child_process";
L12:
High · Child Process
Package source references child process execution.
Location: dist/register.start-BbpJgyXr.js · L10
File: dist/daemon-cli.js
L805: const isWindows = process.platform === "win32";
L806: return await execFileUtf8(isWindows ? process.env.ComSpec ?? "cmd.exe" : "launchctl", isWindows ? [
L807: "/d",
High · Shell
Package source references shell execution.
Location: dist/daemon-cli.js · L805

L38: import fs$1 from "node:fs/promises";
L39: import { execFile, spawn } from "node:child_process";
L40: import { fileURLToPath } from "node:url";
...
L88: for (const basename of MANAGED_SCRIPT_BASENAMES) {
L89: const cwdCandidate = path.resolve(process.cwd(), "scripts", basename);
L90: seen.add(cwdCandidate);
...
L195: const { execFileSync } = await import("node:child_process");
L196: const cmd = process.platform === "win32" ? "where" : "which";
L197: try {
...
L202: } catch {
L203: if (binary === "bun") throw new Error("Bun not found in PATH. Install bun: https://bun.sh");
L204: throw new Error("Node not found in PATH. Install Node 22+.");
High · Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
Location: dist/daemon-cli.js · L38

Same excerpt as above (L38 to L204).
Medium · Install Persistence
Source writes installer persistence such as shell profile or service configuration.
Location: dist/daemon-cli.js · L38
File: dist/agent-scope-Cb1u7HE7.js
L14: import dotenv from "dotenv";
L15: import { execFile, execFileSync, spawn } from "node:child_process";
L16: import { Readable } from "node:stream";
...
L21: import { getOAuthApiKey, getOAuthProviders } from "@mariozechner/pi-ai";
L22: import { createServer } from "node:http";
L23: import AjvPkg from "ajv";
...
L314: consolePatched: false,
L315: forceConsoleToStderr: false,
L316: consoleTimestampPrefix: false,
...
L325: function resolveEnvLogLevelOverride() {
L326: const raw = process.env.FASED_LOG_LEVEL;
L327: const trimmed = typeof raw === "string" ? raw.trim() : "";
Critical · Remote Asset Decode Execute
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
Location: dist/agent-scope-Cb1u7HE7.js · L14

L350: const createRequire = typeof moduleNamespace.createRequire === "function" ? moduleNamespace.createRequire : null;
L351: return createRequire ? createRequire(metaUrl) : null;
L352: } catch {
Medium · Dynamic Require
Package source references dynamic require/import behavior.
Location: dist/agent-scope-Cb1u7HE7.js · L350
File: extensions/voice-call/src/webhook-security.ts
L76: *
L77: * @see https://www.twilio.[redacted]-security
L78: */
...
L82: url: string,
L83: params: URLSearchParams,
L84: ): boolean {
...
L90:
L91: // HMAC-SHA1 with auth token, then base64 encode
L92: const expectedSignature = crypto
Low · Weak Crypto
Package source references weak cryptographic algorithms.
Location: extensions/voice-call/src/webhook-security.ts · L76
File: dist/agent-scope-DHrLr5OF.js
Trigger-reachable chain: manifest.main -> dist/index.js -> dist/agent-scope-DHrLr5OF.js. Reachable file contains a blocking source-risk pattern.
Critical · Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
Location: dist/agent-scope-DHrLr5OF.js
File: scripts/start-managed.sh
path = scripts/start-managed.sh, kind = build_helper, sizeBytes = 56771, magicHex = [redacted]
Medium · Ships Build Helper
Package ships non-JavaScript build or shell helper files.
Location: scripts/start-managed.sh
File: dist/plugin-sdk/reply-BlEQIxRB.js
path = dist/plugin-sdk/reply-BlEQIxRB.js, kind = oversized_source_file, sizeBytes = 4606286, magicHex = [redacted]
High · Oversized Source File
Package contains source files above the static scanner size ceiling.
Location: dist/plugin-sdk/reply-BlEQIxRB.js
File: dist/prompt-select-styled-BFIFk4AL.js
matchType = previous_version_dangerous_delta, matchedPackage = @fased/fased@0.1.16, matchedIdentity = npm:QGZhc2VkL2Zhc2Vk:0.1.16, similarity = 0.892, summary = stored previous version shares package body but lacks this dangerous source file
Critical · Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
Location: dist/prompt-select-styled-BFIFk4AL.js
File: docs/zh-CN/gateway/tailscale.md
L80: patternName = generic_password, severity = medium, line = 80, matchedText = auth: { ..." },
Medium · Secret Pattern
Hardcoded password in docs/zh-CN/gateway/tailscale.md
Location: docs/zh-CN/gateway/tailscale.md · L80
File: docs/zh-CN/gateway/configuration.md
L3027: patternName = generic_password, severity = medium, line = 3027, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in docs/zh-CN/gateway/configuration.md
Location: docs/zh-CN/gateway/configuration.md · L3027
File: docs/zh-CN/channels/bluebubbles.md
L43: patternName = generic_password, severity = medium, line = 43, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in docs/zh-CN/channels/bluebubbles.md
Location: docs/zh-CN/channels/bluebubbles.md · L43
File: docs/gateway/tailscale.md
L128: patternName = generic_password, severity = medium, line = 128, matchedText = auth: { ..." },
Medium · Secret Pattern
Hardcoded password in docs/gateway/tailscale.md
Location: docs/gateway/tailscale.md · L128
File: docs/gateway/configuration-reference.md
L629: patternName = generic_password, severity = medium, line = 629, matchedText = password...D}",
Medium · Secret Pattern
Hardcoded password in docs/gateway/configuration-reference.md
Location: docs/gateway/configuration-reference.md · L629

L2371: patternName = generic_password, severity = medium, line = 2371, matchedText = // passw...WORD
Medium · Secret Pattern
Hardcoded password in docs/gateway/configuration-reference.md
Location: docs/gateway/configuration-reference.md · L2371

L2398: patternName = generic_password, severity = medium, line = 2398, matchedText = // passw...rd",
Medium · Secret Pattern
Hardcoded password in docs/gateway/configuration-reference.md
Location: docs/gateway/configuration-reference.md · L2398
File: docs/channels/bluebubbles.md
L51: patternName = generic_password, severity = medium, line = 51, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in docs/channels/bluebubbles.md
Location: docs/channels/bluebubbles.md · L51
File: extensions/irc/src/client.test.ts
L39: patternName = generic_password, severity = medium, line = 39, matchedText = password...ad",
Medium · Secret Pattern
Hardcoded password in extensions/irc/src/client.test.ts
Location: extensions/irc/src/client.test.ts · L39
File: extensions/bluebubbles/src/attachments.test.ts
L90: patternName = generic_password, severity = medium, line = 90, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/attachments.test.ts
Location: extensions/bluebubbles/src/attachments.test.ts · L90

L100: patternName = generic_password, severity = medium, line = 100, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/attachments.test.ts
Location: extensions/bluebubbles/src/attachments.test.ts · L100

L132: patternName = generic_password, severity = medium, line = 132, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/attachments.test.ts
Location: extensions/bluebubbles/src/attachments.test.ts · L132

L154: patternName = generic_password, severity = medium, line = 154, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/attachments.test.ts
Location: extensions/bluebubbles/src/attachments.test.ts · L154

L260: patternName = generic_password, severity = medium, line = 260, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/attachments.test.ts
Location: extensions/bluebubbles/src/attachments.test.ts · L260
File: extensions/bluebubbles/src/send.test.ts
L733: patternName = generic_password, severity = medium, line = 733, matchedText = password...ss",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/send.test.ts
Location: extensions/bluebubbles/src/send.test.ts · L733
File: extensions/bluebubbles/src/monitor.test.ts
L303: patternName = generic_password, severity = medium, line = 303, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L303

L563: patternName = generic_password, severity = medium, line = 563, matchedText = const ac... });
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L563

L599: patternName = generic_password, severity = medium, line = 599, matchedText = const ac... });
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L599

L639: patternName = generic_password, severity = medium, line = 639, matchedText = const ac... });
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L639

L674: patternName = generic_password, severity = medium, line = 674, matchedText = const ac... });
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L674

L675: patternName = generic_password, severity = medium, line = 675, matchedText = const ac... });
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L675

L728: patternName = generic_password, severity = medium, line = 728, matchedText = const ac... });
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L728

L782: patternName = generic_password, severity = medium, line = 782, matchedText = const ac... });
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L782

L3088: patternName = generic_password, severity = medium, line = 3088, matchedText = ...creat... }),
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L3088

L3092: patternName = generic_password, severity = medium, line = 3092, matchedText = ...creat... }),
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/monitor.test.ts
Location: extensions/bluebubbles/src/monitor.test.ts · L3092
File: extensions/bluebubbles/src/actions.test.ts
L54: patternName = generic_password, severity = medium, line = 54, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/actions.test.ts
Location: extensions/bluebubbles/src/actions.test.ts · L54

L95: patternName = generic_password, severity = medium, line = 95, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/actions.test.ts
Location: extensions/bluebubbles/src/actions.test.ts · L95

L109: patternName = generic_password, severity = medium, line = 109, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/actions.test.ts
Location: extensions/bluebubbles/src/actions.test.ts · L109

L128: patternName = generic_password, severity = medium, line = 128, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/actions.test.ts
Location: extensions/bluebubbles/src/actions.test.ts · L128

L207: patternName = generic_password, severity = medium, line = 207, matchedText = password...rd",
Medium · Secret Pattern
Hardcoded password in extensions/bluebubbles/src/actions.test.ts
Location: extensions/bluebubbles/src/actions.test.ts · L207

Findings

3 Critical · 4 High · 36 Medium · 7 Low
Critical · Remote Asset Decode Execute · dist/agent-scope-Cb1u7HE7.js
Critical · Trigger Reachable Dangerous Capability · dist/agent-scope-DHrLr5OF.js
Critical · Previous Version Dangerous Delta · dist/prompt-select-styled-BFIFk4AL.js
High · Child Process · dist/register.start-BbpJgyXr.js
High · Shell · dist/daemon-cli.js
High · Sandbox Evasion Gated Capability · dist/daemon-cli.js
High · Oversized Source File · dist/plugin-sdk/reply-BlEQIxRB.js
Medium · Dynamic Require · dist/agent-scope-Cb1u7HE7.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · dist/daemon-cli.js
Medium · Ships Build Helper · scripts/start-managed.sh
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · docs/zh-CN/gateway/tailscale.md
Medium · Secret Pattern · docs/zh-CN/gateway/configuration.md
Medium · Secret Pattern · docs/zh-CN/channels/bluebubbles.md
Medium · Secret Pattern · docs/gateway/tailscale.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/gateway/configuration-reference.md
Medium · Secret Pattern · docs/channels/bluebubbles.md
Medium · Secret Pattern · extensions/irc/src/client.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/attachments.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/send.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/monitor.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Medium · Secret Pattern · extensions/bluebubbles/src/actions.test.ts
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Eval
Low · Weak Crypto · extensions/voice-call/src/webhook-security.ts
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings