registry  /  @jami-studio/core  /  0.92.16

@jami-studio/core@0.92.16

Framework for agent-native application development — where AI agents and UI share SQL state, actions, and context

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs `agent-native skills add context-xray` or `agent-native recap setup`.
Impact
User-invoked changes to local AI-agent control surfaces and repository CI configuration.
Mechanism
Explicit agent-control and workflow configuration writes.
Rationale
Source inspection disproves the scanner's install-time credential-exfiltration claim: the workflow uses secret-presence checks and explicit authenticated CLI requests. The explicit agent-configuration installer remains a policy-relevant capability, so warn rather than block.
Evidence
package.jsonbin/agent-native.jsdist/cli/context-xray-local.jsdist/cli/skills.jsdist/cli/recap.jsdist/cli/pr-visual-recap-workflow.js~/.codex/skills/context-xray/SKILL.md~/.claude/skills/context-xray/SKILL.md.github/workflows/pr-visual-recap.yml

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli/context-xray-local.js` installs executable and agent skill/command files.
  • Explicit `skills add context-xray` can write `~/.codex` or `~/.claude` instructions.
  • `dist/cli/recap.js` explicitly writes a GitHub Actions workflow on `recap setup`.
Evidence against
  • `package.json` has no preinstall/install/postinstall/prepare hook.
  • `bin/agent-native.js` only dispatches CLI code or a local source fallback.
  • Context X-Ray states it reads local transcripts and has no network calls beyond a font URL.
  • Recap network requests are explicit CLI/CI operations to GitHub or the configured plan app.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5,017 file(s), 47.9 MB of source, external domains: 127.0.0.1, accounts.google.com, agent-native-artifact.invalid, agent-native.invalid, agent-native.local, aistudio.google.com, amplitude.com, an.invalid, analytics.example.com, analytics.jami.studio, analytics.local, analyticsdata.googleapis.com, api.anthropic.com, api.apollo.io, api.brandfetch.io, api.builder.io, api.commonroom.io, api.dataforseo.com, api.exa.ai, api.example.com, api.figma.com, api.firecrawl.dev, api.github.com, api.gong.io, api.groq.com, api.hubapi.com, api.logo.dev, api.mixpanel.com, api.notion.com, api.openai.com, api.resend.com, api.search.brave.com, api.sendgrid.com, api.slack.com, api.stripe.com, api.tavily.com, api.telegram.org, api.twitterapi.io, api.usepylon.com, api.zoom.us, api2.amplitude.com, apis.google.com, app.apollo.io, app.gong.io, app.posthog.com, app.sendgrid.com, assets.jami.studio, bigquery.googleapis.com, brain.jami.studio, brave.com

Source & flagged code

32 flagged · loading source
dist/server/onboarding-html.jsView file
70patternName = generic_password severity = medium line = 70 matchedText = password...rd",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/server/onboarding-html.jsView on unpkg · L70
330patternName = generic_password severity = medium line = 330 matchedText = password...ña",
Medium
Secret Pattern

Hardcoded password in dist/server/onboarding-html.js

dist/server/onboarding-html.jsView on unpkg · L330
416patternName = generic_password severity = medium line = 416 matchedText = password...se",
Medium
Secret Pattern

Hardcoded password in dist/server/onboarding-html.js

dist/server/onboarding-html.jsView on unpkg · L416
502patternName = generic_password severity = medium line = 502 matchedText = password...rt",
Medium
Secret Pattern

Hardcoded password in dist/server/onboarding-html.js

dist/server/onboarding-html.jsView on unpkg · L502
932patternName = generic_password severity = medium line = 932 matchedText = password...ور",
Medium
Secret Pattern

Hardcoded password in dist/server/onboarding-html.js

dist/server/onboarding-html.jsView on unpkg · L932
bin/agent-native.jsView file
2L3: import { spawn } from "node:child_process"; L4: import { existsSync, statSync } from "node:fs";
High
Child Process

Package source references child process execution.

bin/agent-native.jsView on unpkg · L2
34if (!shouldUseSourceFallback() && existsSync(distEntry)) { L35: await import(pathToFileURL(distEntry).href); L36: } else {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/agent-native.jsView on unpkg · L34
dist/coding-tools/index.jsView file
307cwd, L308: shell: true, L309: stdio: ["pipe", "pipe", "pipe"],
High
Shell

Package source references shell execution.

dist/coding-tools/index.jsView on unpkg · L307
dist/server/prompts/framework-core.jsView file
35const securityRule = hasDatabaseWrites L36: ? "7. **Security** — Always use `defineAction` with a Zod `schema:` for input validation. Never construct SQL with string concatenation — use parameterized queries via db-query/db-... L37: : hasDatabaseTools
High
Eval

Package source references dynamic code evaluation.

dist/server/prompts/framework-core.jsView on unpkg · L35
corpus/core/src/cli/migrate.tsView file
16const __filename = fileURLToPath(import.meta.url); L17: const __dirname = path.dirname(__filename); L18: ... L32: "COHERE_API_KEY", L33: "BUILDER_PRIVATE_KEY", L34: ]; ... L86: redirects: Array<Record<string, unknown>>; L87: metadata: Record<string, unknown>; L88: }; ... L592: ` App: ${appDir}`, L593: ` URL: http://localhost:${MIGRATION_DEV_PORT}/`, L594: "",
Low
Weak Crypto

Package source references weak cryptographic algorithms.

corpus/core/src/cli/migrate.tsView on unpkg · L16
dist/terminal/pty-server.jsView file
84} L85: export async function createPtyWebSocketServer(options = {}) { L86: const { appDir = process.cwd(), command: defaultCommand = "claude", port = 0, authCheck, logPrefix = "[terminal]", } = options; ... L90: const resolvedAppDir = path.resolve(appDir); L91: const shell = os.platform() === "win32" ? "cmd.exe" : process.env.SHELL || "/bin/zsh"; L92: const server = createHttpServer((req, res) => {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/terminal/pty-server.jsView on unpkg · L84
dist/cli/pr-visual-recap-workflow.jsView file
7*/ L8: export const PR_VISUAL_RECAP_WORKFLOW_YML = 'name: PR Visual Recap\n\n# Visual code review: a coding agent runs the repo\'s visual-recap skill over the\n# PR diff, publishes a plan... L9: //# sourceMappingURL=pr-visual-recap-workflow.js.map
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli/pr-visual-recap-workflow.jsView on unpkg · L7
7Trigger-reachable chain: manifest.exports -> dist/cli/skills.js -> dist/cli/recap.js -> dist/cli/pr-visual-recap-workflow.js L7: */ L8: export const PR_VISUAL_RECAP_WORKFLOW_YML = 'name: PR Visual Recap\n\n# Visual code review: a coding agent runs the repo\'s visual-recap skill over the\n# PR diff, publishes a plan... L9: //# sourceMappingURL=pr-visual-recap-workflow.js.map
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli/pr-visual-recap-workflow.jsView on unpkg · L7
dist/server/design-token-utils.jsView file
3* L4: * Pure functions for parsing Tailwind configs, CSS files, package.json, L5: * documents, and URLs to extract colors, fonts, spacing, border-radius, ... L129: throw new Error("Could not parse GitHub owner/repo from URL. " + L130: 'Expected format: "https://github.com/org/repo", "org/repo", or "git@github.com:org/repo.git"'); L131: } ... L150: try { L151: const body = (await res.json()); L152: if (typeof body.message === "string") ... L164: } L165: return { ok: false, status: res.status, data: null, message }; L166: }
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/server/design-token-utils.jsView on unpkg · L3
dist/cli/index.jsView file
1Cross-file remote execution chain: dist/cli/index.js spawns dist/deploy/build.js; helper contains network access plus dynamic code execution. L1: #!/usr/bin/env node L2: import { execSync, spawn } from "child_process"; L3: import fs from "fs"; ... L11: try { L12: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L13: // dist/cli/index.js → ../../package.json L14: const pkg = JSON.parse(fs.readFileSync(path.resolve(__dirname, "../../package.json"), "utf-8")); L15: _version = pkg.version; ... L26: console.error(`agent-native requires Node.js ${REQUIRED_NODE_MAJOR} or newer, but you're on Node ${process.versions.node}.\n` + L27: `Upgrade Node (https://nodejs.org) and re-run. With nvm: \`nvm install ${REQUIRED_NODE_MAJOR}\`.`); L28: process.exit(1); ... L113: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli/index.jsView on unpkg · L1
dist/deploy/build.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @jami-studio/core@0.92.13 matchedIdentity = npm:QGphbWktc3R1ZGlvL2NvcmU:0.92.13 similarity = 0.983 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/deploy/build.jsView on unpkg
corpus/core/src/server/onboarding-html.tsView file
93patternName = generic_password severity = medium line = 93 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in corpus/core/src/server/onboarding-html.ts

corpus/core/src/server/onboarding-html.tsView on unpkg · L93
367patternName = generic_password severity = medium line = 367 matchedText = password...ña",
Medium
Secret Pattern

Hardcoded password in corpus/core/src/server/onboarding-html.ts

corpus/core/src/server/onboarding-html.tsView on unpkg · L367
464patternName = generic_password severity = medium line = 464 matchedText = password...se",
Medium
Secret Pattern

Hardcoded password in corpus/core/src/server/onboarding-html.ts

corpus/core/src/server/onboarding-html.tsView on unpkg · L464
562patternName = generic_password severity = medium line = 562 matchedText = password...rt",
Medium
Secret Pattern

Hardcoded password in corpus/core/src/server/onboarding-html.ts

corpus/core/src/server/onboarding-html.tsView on unpkg · L562
1037patternName = generic_password severity = medium line = 1037 matchedText = password...ور",
Medium
Secret Pattern

Hardcoded password in corpus/core/src/server/onboarding-html.ts

corpus/core/src/server/onboarding-html.tsView on unpkg · L1037
corpus/templates/clips/app/i18n/fr-FR.tsView file
1400patternName = generic_password severity = medium line = 1400 matchedText = password...se",
Medium
Secret Pattern

Hardcoded password in corpus/templates/clips/app/i18n/fr-FR.ts

corpus/templates/clips/app/i18n/fr-FR.tsView on unpkg · L1400
corpus/templates/clips/app/i18n/ar-SA.tsView file
1376patternName = generic_password severity = medium line = 1376 matchedText = password...ور",
Medium
Secret Pattern

Hardcoded password in corpus/templates/clips/app/i18n/ar-SA.ts

corpus/templates/clips/app/i18n/ar-SA.tsView on unpkg · L1376
corpus/templates/clips/app/i18n/de-DE.tsView file
1405patternName = generic_password severity = medium line = 1405 matchedText = password...rt",
Medium
Secret Pattern

Hardcoded password in corpus/templates/clips/app/i18n/de-DE.ts

corpus/templates/clips/app/i18n/de-DE.tsView on unpkg · L1405
corpus/templates/clips/app/i18n/en-US.tsView file
1366patternName = generic_password severity = medium line = 1366 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in corpus/templates/clips/app/i18n/en-US.ts

corpus/templates/clips/app/i18n/en-US.tsView on unpkg · L1366
corpus/templates/clips/app/i18n/es-ES.tsView file
1398patternName = generic_password severity = medium line = 1398 matchedText = password...ña",
Medium
Secret Pattern

Hardcoded password in corpus/templates/clips/app/i18n/es-ES.ts

corpus/templates/clips/app/i18n/es-ES.tsView on unpkg · L1398
corpus/templates/plan/app/i18n/fr-FR.tsView file
472patternName = generic_password severity = medium line = 472 matchedText = password...se",
Medium
Secret Pattern

Hardcoded password in corpus/templates/plan/app/i18n/fr-FR.ts

corpus/templates/plan/app/i18n/fr-FR.tsView on unpkg · L472
corpus/templates/plan/app/i18n/ar-SA.tsView file
639patternName = generic_password severity = medium line = 639 matchedText = password...ور",
Medium
Secret Pattern

Hardcoded password in corpus/templates/plan/app/i18n/ar-SA.ts

corpus/templates/plan/app/i18n/ar-SA.tsView on unpkg · L639
corpus/templates/plan/app/i18n/de-DE.tsView file
651patternName = generic_password severity = medium line = 651 matchedText = password...rt",
Medium
Secret Pattern

Hardcoded password in corpus/templates/plan/app/i18n/de-DE.ts

corpus/templates/plan/app/i18n/de-DE.tsView on unpkg · L651
corpus/templates/plan/app/i18n/en-US.tsView file
629patternName = generic_password severity = medium line = 629 matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in corpus/templates/plan/app/i18n/en-US.ts

corpus/templates/plan/app/i18n/en-US.tsView on unpkg · L629
corpus/templates/plan/app/i18n/es-ES.tsView file
470patternName = generic_password severity = medium line = 470 matchedText = password...ña",
Medium
Secret Pattern

Hardcoded password in corpus/templates/plan/app/i18n/es-ES.ts

corpus/templates/plan/app/i18n/es-ES.tsView on unpkg · L470
corpus/templates/analytics/server/lib/demo-source.tsView file
28patternName = generic_password severity = medium line = 28 matchedText = password...RD",
Medium
Secret Pattern

Hardcoded password in corpus/templates/analytics/server/lib/demo-source.ts

corpus/templates/analytics/server/lib/demo-source.tsView on unpkg · L28

Findings

3 Critical6 High25 Medium7 Low
CriticalCredential Exfiltrationdist/cli/pr-visual-recap-workflow.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli/pr-visual-recap-workflow.js
CriticalPrevious Version Dangerous Deltadist/deploy/build.js
HighChild Processbin/agent-native.js
HighShelldist/coding-tools/index.js
HighEvaldist/server/prompts/framework-core.js
HighSame File Env Network Executiondist/terminal/pty-server.js
HighCloud Metadata Accessdist/server/design-token-utils.js
HighCross File Remote Execution Contextdist/cli/index.js
MediumSecret Patterndist/server/onboarding-html.js
MediumDynamic Requirebin/agent-native.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/server/onboarding-html.js
MediumSecret Patterndist/server/onboarding-html.js
MediumSecret Patterndist/server/onboarding-html.js
MediumSecret Patterndist/server/onboarding-html.js
MediumSecret Patterncorpus/core/src/server/onboarding-html.ts
MediumSecret Patterncorpus/core/src/server/onboarding-html.ts
MediumSecret Patterncorpus/core/src/server/onboarding-html.ts
MediumSecret Patterncorpus/core/src/server/onboarding-html.ts
MediumSecret Patterncorpus/core/src/server/onboarding-html.ts
MediumSecret Patterncorpus/templates/clips/app/i18n/fr-FR.ts
MediumSecret Patterncorpus/templates/clips/app/i18n/ar-SA.ts
MediumSecret Patterncorpus/templates/clips/app/i18n/de-DE.ts
MediumSecret Patterncorpus/templates/clips/app/i18n/en-US.ts
MediumSecret Patterncorpus/templates/clips/app/i18n/es-ES.ts
MediumSecret Patterncorpus/templates/plan/app/i18n/fr-FR.ts
MediumSecret Patterncorpus/templates/plan/app/i18n/ar-SA.ts
MediumSecret Patterncorpus/templates/plan/app/i18n/de-DE.ts
MediumSecret Patterncorpus/templates/plan/app/i18n/en-US.ts
MediumSecret Patterncorpus/templates/plan/app/i18n/es-ES.ts
MediumSecret Patterncorpus/templates/analytics/server/lib/demo-source.ts
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptocorpus/core/src/cli/migrate.ts
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings