registry  /  @ngocsangairvds/vsaf  /  5.1.10

@ngocsangairvds/vsaf@5.1.10

logging step

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was established. The package is an AI workflow/agent tool whose user-invoked setup can install dependencies and register project-local agent/MCP references, creating agent-extension lifecycle risk rather than unconsented lifecycle hijack.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install runs postinstall; vsaf install <pack> activates broader setup
Impact
Potentially broad agent workflow execution if a user opts into IDE artifacts/MCP setup; no automatic foreign agent control-surface mutation at npm install
Mechanism
package-local symlink/copy on install; user-invoked agent/MCP project setup
Policy narrative
During npm install, the lifecycle script only recreates a local @vsaf/core workspace link under node_modules. Broader behavior is behind the vsaf CLI: vsaf install can deploy packaged skills/workflows under .vsaf, install helper dependencies, and optionally write project agent/MCP configuration for Claude/Codex. This is powerful agent-extension setup, but inspection did not show unconsented lifecycle mutation of foreign agent surfaces, credential exfiltration, or remote payload execution.
Rationale
Source inspection supports a warn-level agent extension lifecycle risk: powerful user-invoked AI/MCP setup exists, but the npm lifecycle hook is package-local and no concrete malicious install-time behavior was found. The scanner hints are mostly explained by packaged skills/tests, setup commands, and MCP/workflow functionality aligned with the package purpose.
Evidence
package.jsonscripts/postinstall.jspackages/cli/dist/index.jspackages/cli/dist/commands/install.jspackages/cli/dist/install/orchestrator.jspackages/cli/dist/adapters/claude.jspackages/cli/dist/adapters/codex.jspackages/cli/dist/mcp/server.jsnode_modules/@vsaf/core.mcp.jsonCLAUDE.mdAGENTS.md.codex/config.toml.vsaf/skills.vsaf/commands.vsaf/workflows
Network endpoints5
aka.ms/vs/17/release/vc_redist.x64.exepipx.pypa.io/stable/installation/api.openai.com/v1generativelanguage.googleapis.com/v1beta/openai/api.anthropic.com

Decision evidence

public snapshot
AI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js creates/removes node_modules/@vsaf/core link or copy during install
  • packages/cli/dist/commands/install.js user-invoked install can write project .mcp.json with vsaf and gitnexus MCP servers
  • packages/cli/dist/adapters/claude.js and codex.js can write CLAUDE.md, AGENTS.md, and .codex/config.toml when IDE artifacts are requested
  • packages/cli/dist/commands/install.js can run npm/pipx/brew/apt/dnf and global npm install during user-invoked setup
Evidence against
  • Postinstall only touches package-local node_modules/@vsaf/core and exits if packages/core/dist is absent
  • No install-time write to .mcp.json, CLAUDE.md, AGENTS.md, Codex, Cursor, or home agent config found
  • CLI install validates pack names and is explicitly user-invoked from vsaf install <pack>
  • MCP server in packages/cli/dist/mcp/server.js exposes workflow run/status/resume tools but does not register itself at install time
  • No credential harvesting or exfiltration code found in inspected lifecycle and entrypoint files
  • Scanner secret/blob hits inspected were test fixtures or documentation, not active payload execution
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 87 file(s), 793 KB of source, external domains: aistudio.google.com, aka.ms, angular.dev, api.anthropic.com, api.openai.com, astral.sh, console.anthropic.com, generativelanguage.googleapis.com, github.com, pipx.pypa.io, platform.openai.com, www.python.org, www.w3.org

Source & flagged code

41 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView file
194patternName = aws_access_key severity = critical line = 194 matchedText = - AKIA12... key
Critical
Critical Secret

Package contains a critical-looking secret pattern.

skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView on unpkg · L194
packages/core/dist/providers/command-provider.jsView file
9exports.resolveNodeProviderConfig = resolveNodeProviderConfig; L10: const child_process_1 = require("child_process"); L11: const os_1 = __importDefault(require("os"));
High
Child Process

Package source references child process execution.

packages/core/dist/providers/command-provider.jsView on unpkg · L9
skills/vds-skill/install-deps.mjsView file
133execSync( L134: 'powershell -ExecutionPolicy Bypass -c "irm https://astral.sh/uv/install.ps1 | iex"', L135: { stdio: 'inherit' },
High
Shell

Package source references shell execution.

skills/vds-skill/install-deps.mjsView on unpkg · L133
scripts/postinstall.jsView file
7* "workspaces" from package.json). This script recreates the link so that L8: * `require('@vsaf/core')` works after `npm install -g`. L9: *
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall.jsView on unpkg · L7
packages/cli/dist/commands/install.jsView file
93try { L94: (0, child_process_1.execSync)('npm install @ngocsangairvds/pre-require', { cwd: projectPath, stdio: 'inherit', timeout: 120_000 }); L95: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

packages/cli/dist/commands/install.jsView on unpkg · L93
scripts/win-vm-prereqs.ps1View file
path = scripts/win-vm-prereqs.ps1 kind = build_helper sizeBytes = 1519 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/win-vm-prereqs.ps1View on unpkg
skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView file
path = skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdf kind = high_entropy_blob sizeBytes = 40986 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView on unpkg
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView file
path = skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.py kind = payload_in_excluded_dir sizeBytes = 3413 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView on unpkg
packages/cli/dist/mcp/server.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @ngocsangairvds/vsaf@5.1.9 matchedIdentity = npm:QG5nb2NzYW5nYWlydmRzL3ZzYWY:5.1.9 similarity = 0.931 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

packages/cli/dist/mcp/server.jsView on unpkg
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView file
226patternName = generic_password severity = medium line = 226 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py

skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView on unpkg · L226
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView file
25patternName = generic_password severity = medium line = 25 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L25
58patternName = generic_password severity = medium line = 58 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L58
99patternName = generic_password severity = medium line = 99 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L99
119patternName = generic_password severity = medium line = 119 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L119
140patternName = generic_password severity = medium line = 140 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L140
156patternName = generic_password severity = medium line = 156 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L156
175patternName = generic_password severity = medium line = 175 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L175
216patternName = generic_password severity = medium line = 216 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L216
263patternName = generic_password severity = medium line = 263 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L263
304patternName = generic_password severity = medium line = 304 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L304
331patternName = generic_password severity = medium line = 331 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L331
357patternName = generic_password severity = medium line = 357 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L357
385patternName = generic_password severity = medium line = 385 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L385
skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView file
33patternName = generic_password severity = medium line = 33 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView on unpkg · L33
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView file
17patternName = generic_password severity = medium line = 17 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L17
47patternName = generic_password severity = medium line = 47 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L47
82patternName = generic_password severity = medium line = 82 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L82
102patternName = generic_password severity = medium line = 102 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L102
129patternName = generic_password severity = medium line = 129 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L129
149patternName = generic_password severity = medium line = 149 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L149
173patternName = generic_password severity = medium line = 173 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L173
197patternName = generic_password severity = medium line = 197 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L197
217patternName = generic_password severity = medium line = 217 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L217
237patternName = generic_password severity = medium line = 237 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L237
skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView file
33patternName = generic_password severity = medium line = 33 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView on unpkg · L33
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView file
22patternName = generic_password severity = medium line = 22 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L22
55patternName = generic_password severity = medium line = 55 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L55
85patternName = generic_password severity = medium line = 85 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L85
133patternName = generic_password severity = medium line = 133 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L133

Findings

2 Critical6 High37 Medium5 Low
CriticalCritical Secretskills/vds-skill/runtime/pdf_orchestrator/tests/conftest.py
CriticalPrevious Version Dangerous Deltapackages/cli/dist/mcp/server.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processpackages/core/dist/providers/command-provider.js
HighShellskills/vds-skill/install-deps.mjs
HighRuntime Package Installpackages/cli/dist/commands/install.js
HighShips High Entropy Blobskills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdf
HighPayload In Excluded Dirskills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirescripts/postinstall.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Build Helperscripts/win-vm-prereqs.ps1
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings