registry  /  @lebtiga/sonic-agent  /  2.0.19

@lebtiga/sonic-agent@2.0.19

Sonic — a specialized AI agent for building WordPress authority websites at scale. Founders cohort license required.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a commercial Claude Code plugin thin client with interactive activation, licensed skill-pack download, and optional project metadata sync.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm postinstall prompt or user-invoked sonic commands
Impact
Installs Sonic files under ~/.sonic, validates license, fetches verified skill packs, launches Claude Code with the Sonic plugin, and may sync project metadata if enabled.
Mechanism
license-gated Claude Code plugin installer/launcher
Rationale
Static inspection found risky primitives, but they are visible, user-aligned features for installing and launching a licensed Claude Code plugin rather than covert exfiltration or unconsented AI-agent control-surface mutation. The protected skill-pack fetch is hash-verified and license-gated, so unresolved remote functionality exists but is package-aligned and not enough to block this version.
Evidence
package.jsonscripts/postinstall.jsbin/sonic.jslib/installer.jslib/license.jslib/server-validate.jslib/skillpack.jslib/project-sync.js~/.sonic/.license.json~/.sonic/.grant.json~/.sonic/sonic-agent~/.sonic/sonic-skills~/.sonic/sonic-user<project>/.sonic/project.json
Network endpoints4
zjvmclbpjjzsmboptwgk.supabase.co/functions/v1/validate-licensezjvmclbpjjzsmboptwgk.supabase.co/functions/v1/fetch-skillpackzjvmclbpjjzsmboptwgk.supabase.co/functions/v1/skillpack-manifestzjvmclbpjjzsmboptwgk.supabase.co/functions/v1/project-sync

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • postinstall prompts for a Sonic license/email and writes plugin/license data under ~/.sonic via lib/installer.js.
  • bin/sonic.js launches the user-installed Claude CLI with --plugin-dir and optional user-controlled SONIC_SKIP_PERMISSIONS.
  • lib/skillpack.js downloads a licensed skill pack from Supabase and extracts it after SHA-256 verification.
  • lib/project-sync.js sends project/license metadata to Supabase when project sync is enabled.
Evidence against
  • No obfuscated code, eval/Function, native binary loading, or hidden import-time execution found in inspected files.
  • Network endpoints are explicit and aligned with license validation, skill-pack delivery, and dashboard status sync.
  • Install-time behavior is interactive/local setup; it does not silently execute a remote payload or mutate unrelated AI-agent config.
  • Secrets/API-key-looking value in lib/server-validate.js is documented as a Supabase anon key used as a public client credential.
  • File writes are scoped to ~/.sonic, package plugin files, and user-invoked project .sonic files.
  • Child process use is user-invoked CLI functionality: claude, npm update, npx sandbox, and git helpers.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 23 file(s), 148 KB of source, external domains: api.anthropic.com, api.openai.com, api.pexels.com, claude.com, fal.run, generativelanguage.googleapis.com, nodejs.org, sonic.saasperity.com, zjvmclbpjjzsmboptwgk.supabase.co

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
lib/server-validate.jsView file
24patternName = supabase_service_key severity = critical line = 24 matchedText = 'eyJhbGc...MY';
Critical
Critical Secret

Package contains a critical-looking secret pattern.

lib/server-validate.jsView on unpkg · L24
24patternName = supabase_service_key severity = critical line = 24 matchedText = 'eyJhbGc...MY';
Critical
Secret Pattern

Supabase service role key (JWT) in lib/server-validate.js

lib/server-validate.jsView on unpkg · L24
bin/sonic.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @lebtiga/sonic-agent@2.0.18 matchedIdentity = npm:QGxlYnRpZ2Evc29uaWMtYWdlbnQ:2.0.18 similarity = 0.571 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/sonic.jsView on unpkg
12L13: const fs = require('fs'); L14: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/sonic.jsView on unpkg · L12
lib/doctor.jsView file
12const os = require('node:os'); L13: const https = require('node:https'); L14: const { execSync, spawnSync } = require('node:child_process'); L15: ... L26: L27: const pkg = require('../package.json'); L28: ... L50: function findClaudeBin() { L51: const PATH = process.env.PATH || ''; L52: const sep = process.platform === 'win32' ? ';' : ':'; L53: const ext = process.platform === 'win32' ? ['.exe', '.cmd', ''] : ['']; ... L80: // The #1 support ticket: root-owned npm cache / global dir.
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/doctor.jsView on unpkg · L12

Findings

3 Critical2 High5 Medium5 Low
CriticalCritical Secretlib/server-validate.js
CriticalPrevious Version Dangerous Deltabin/sonic.js
CriticalSecret Patternlib/server-validate.js
HighInstall Time Lifecycle Scriptspackage.json
HighSandbox Evasion Gated Capabilitylib/doctor.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/sonic.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings