AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an AI workflow/skill installer with powerful user-invoked setup and workflow execution features, but install-time behavior is limited to local package linking.
Decision evidence
public snapshot- package.json defines postinstall but script only links/copies local packages/core/dist into node_modules/@vsaf/core
- packages/core/dist/engine/node-runner.js can execute workflow bash nodes with project env when user runs workflows
- packages/cli/dist/commands/install.js performs explicit runtime installs such as pipx/npm/gitnexus during vsaf install
- packages/cli/dist/adapters/codex.js and shared.js write AGENTS.md and MCP config during explicit vsaf install
- scripts/postinstall.js has no network, env harvesting, or execution beyond local symlink/copy fallback
- Main/bin entrypoints expose a DAG workflow CLI; risky child_process use is user-invoked workflow/package setup behavior
- AI-agent config writes are tied to explicit vsaf init/install commands, not install-time mutation
- No confirmed credential exfiltration path or malicious endpoint in inspected JS entrypoints
- Scanner secret hits are test fixtures/documentation examples such as suspicious_markdown_file, not live secrets
- Bundled PDF/test artifacts appear inert and not executed by package lifecycle
Source & flagged code
42 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView on unpkg · L194Package source references child process execution.
packages/core/dist/isolation/workspace-manager.jsView on unpkg · L7Package source references shell execution.
skills/vds-skill/install-deps.mjsView on unpkg · L133Package source references dynamic require/import behavior.
scripts/postinstall.jsView on unpkg · L7Package source invokes a package manager install command at runtime.
packages/cli/dist/commands/install.jsView on unpkg · L73Package ships non-JavaScript build or shell helper files.
skills/vds-skill/runtime/markdown_orchestrator/src/vds_markdown_orchestrator/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
packages/core/dist/engine/node-runner.jsView on unpkgHardcoded password in skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView on unpkg · L226Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L25Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L58Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L99Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L119Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L140Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L156Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L175Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L216Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L263Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L304Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L331Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L357Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L385Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView on unpkg · L33Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L17Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L47Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L82Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L102Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L129Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L149Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L173Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L197Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L217Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L237Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView on unpkg · L33Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L22Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L55Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L85Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L133Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L149