registry  /  @nalvietnam/avatar-cli  /  3.15.3

@nalvietnam/avatar-cli@3.15.3

⚠ Under review

AI harness CLI for NAL Vietnam engineering

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 17 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 4 file(s), 171 KB of source, external domains: accounts.google.com, ai.nal.vn, api.anthropic.com, cli.github.com, github.com, oauth2.googleapis.com, qpdbkewtpkkbcrptnlos.supabase.co, www.npmjs.com

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = node ./bin/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./bin/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @nalvietnam/avatar-cli@3.15.4 matchedIdentity = npm:QG5hbHZpZXRuYW0vYXZhdGFyLWNsaQ:3.15.4 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/index.jsView on unpkg
1// @nalvietnam/avatar-cli — built with tsup L2: var ca=Object.defineProperty;var O=(t,e)=>()=>(t&&(e=t(t=0)),e);var z=(t,e)=>{for(var n in e)ca(t,n,{get:e[n],enumerable:!0})};var yt={};z(yt,{copyDirRecursive:()=>un,downloadFile:... L3: `,n)}async function un(t,e,n=[]){await S(e);let r=await L.readdir(t,{withFileTypes:!0});for(let o of r){if(n.includes(o.name))continue;let s=ln(t,o.name),a=ln(e,o.name);if(o.isDire...
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L1
22`),plain:t=>process.stdout.write(`${t} L23: `)}});import{spawnSync as Xa}from"child_process";function ke(){let t=Xa("gh",["api","user","--jq",".login"],{encoding:"utf8",stdio:["ignore","pipe","pipe"],timeout:1e4});if(t.signa... L24: `),new Ht(In(a),`T\u1EA1o repo ${o} th\u1EA5t b\u1EA1i.`)}return i.success(`\u0110\xE3 t\u1EA1o: git@github.com:${o}.git`),`git@github.com:${o}.git`}var Ht,Mn=O(()=>{"use strict";_... L25: `);let s=In(o);throw s==="name-exists"?new On(e):s==="no-permission"?new Ct("no-permission",`Kh\xF4ng c\xF3 quy\u1EC1n t\u1EA1o repo ${e}. Ki\u1EC3m tra \u0111\u0103ng nh\u1EADp \u... L26: `),r=Ha("git",["credential","approve"],{input:n,encoding:"utf8",stdio:["pipe","pipe","pipe"]});return r.status===0?{ok:!0}:{ok:!1,error:(r.stderr||"").trim()||(r.error?.message??"g... L27: Ki\u1EC3m tra: \u0111ang login \u0111\xFAng GitHub account ch\u01B0a? (gh auth status)`);break;case"network":i.dim(" \u2192 L\u1ED7i m\u1EA1ng (m\u1EA5t k\u1EBFt n\u1ED1i / DNS / ...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L22
1// @nalvietnam/avatar-cli — built with tsup L2: var ca=Object.defineProperty;var O=(t,e)=>()=>(t&&(e=t(t=0)),e);var z=(t,e)=>{for(var n in e)ca(t,n,{get:e[n],enumerable:!0})};var yt={};z(yt,{copyDirRecursive:()=>un,downloadFile:... L3: `,n)}async function un(t,e,n=[]){await S(e);let r=await L.readdir(t,{withFileTypes:!0});for(let o of r){if(n.includes(o.name))continue;let s=ln(t,o.name),a=ln(e,o.name);if(o.isDire... L4: `).filter(c=>c.trim().length>0)):n(new Error(`tar list exit ${a}: ${s.trim()}`))})})}function wa(t,e){if(t.startsWith("/")||t.startsWith("~"))return!1;let n=ln(e,t),r=Lr(e,n);retur... ... L16: `});var at={};z(at,{REPOS_MANIFEST_RELATIVE:()=>eo,addRepoToManifest:()=>ge,readReposManifest:()=>de,removeRepoFromManifest:()=>ja,repoNameExists:()=>fe});import{join as Da}from"pa... L17: `),await o.add("."),await o.commit("chore: initial commit (avatar add repo \u2014 d\u1EF1 \xE1n m\u1EDBi)").catch(()=>{}),await o.addRemote("origin",t.url).catch(()=>{}),await o.pu... L18: `),success:t=>process.stdout.write(`${p.green("\u2713")} ${t}
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L1
1// @nalvietnam/avatar-cli — built with tsup L2: var ca=Object.defineProperty;var O=(t,e)=>()=>(t&&(e=t(t=0)),e);var z=(t,e)=>{for(var n in e)ca(t,n,{get:e[n],enumerable:!0})};var yt={};z(yt,{copyDirRecursive:()=>un,downloadFile:... L3: `,n)}async function un(t,e,n=[]){await S(e);let r=await L.readdir(t,{withFileTypes:!0});for(let o of r){if(n.includes(o.name))continue;let s=ln(t,o.name),a=ln(e,o.name);if(o.isDire... L4: `).filter(c=>c.trim().length>0)):n(new Error(`tar list exit ${a}: ${s.trim()}`))})})}function wa(t,e){if(t.startsWith("/")||t.startsWith("~"))return!1;let n=ln(e,t),r=Lr(e,n);retur... L5: `),r=Kr(n,Br),o=Kr(n,Wr);if(r!==-1&&o!==-1&&r<o){let s=n.slice(0,r),a=n.slice(o+1);return{content:[...s,e.trimEnd(),...a].join(` ... L16: `});var at={};z(at,{REPOS_MANIFEST_RELATIVE:()=>eo,addRepoToManifest:()=>ge,readReposManifest:()=>de,removeRepoFromManifest:()=>ja,repoNameExists:()=>fe});import{join as Da}from"pa... L17: `),await o.add("."),await o.commit("chore: initial commit (avatar add repo \u2014 d\u1EF1 \xE1n m\u1EDBi)").catch(()=>{}),await o.addRemote("origin",t.url).catch(()=>{}),await o.pu... L18: `),success:t=>process.stdout.write(`${p.green("\u2713")} ${t} ... L2
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index.jsView on unpkg · L1

Findings

1 Critical4 High5 Medium7 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License