AI Security Review
scanned 1d ago · by lpm-firewall-ai

LPM treats this as a warn-only, first-party agent-extension lifecycle risk. No confirmed malicious install-time attack surface was established. The package is an AI workflow/agent tool whose user-invoked setup can install dependencies and register project-local agent/MCP references, which creates agent-extension lifecycle risk rather than an unconsented lifecycle hijack.
Decision evidence
(public snapshot)
- package.json defines postinstall: node scripts/postinstall.js
- scripts/postinstall.js creates/removes node_modules/@vsaf/core link or copy during install
- The user-invoked install in packages/cli/dist/commands/install.js can write a project-local .mcp.json that registers the vsaf and gitnexus MCP servers
- packages/cli/dist/adapters/claude.js and codex.js can write CLAUDE.md, AGENTS.md, and .codex/config.toml when IDE artifacts are requested
- packages/cli/dist/commands/install.js can run npm/pipx/brew/apt/dnf and global npm install during user-invoked setup
- Postinstall only touches package-local node_modules/@vsaf/core and exits if packages/core/dist is absent
- No install-time write to .mcp.json, CLAUDE.md, AGENTS.md, Codex, Cursor, or home agent config found
- CLI install validates pack names and is explicitly user-invoked from vsaf install <pack>
- MCP server in packages/cli/dist/mcp/server.js exposes workflow run/status/resume tools but does not register itself at install time
- No credential harvesting or exfiltration code found in inspected lifecycle and entrypoint files
- Scanner secret/blob hits inspected were test fixtures or documentation, not active payload execution
Source & flagged code
41 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.py, line 194: Package contains a critical-looking secret pattern.
- packages/core/dist/providers/command-provider.js, line 9: Package source references child process execution.
- skills/vds-skill/install-deps.mjs, line 133: Package source references shell execution.
- scripts/postinstall.js, line 7: Package source references dynamic require/import behavior.
- packages/cli/dist/commands/install.js, line 93: Package source invokes a package manager install command at runtime.
- scripts/win-vm-prereqs.ps1: Package ships non-JavaScript build or shell helper files.
- skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdf: Package ships high-entropy non-source blobs.
- skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.py: Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
- packages/cli/dist/mcp/server.js: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
- skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py, line 226: Hardcoded password.
- skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py, lines 25, 58, 99, 119, 140, 156, 175, 216, 263, 304, 331, 357, 385: Hardcoded password (13 hits).
- skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py, line 33: Hardcoded password.
- skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py, lines 17, 47, 82, 102, 129, 149, 173, 197, 217, 237: Hardcoded password (10 hits).
- skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py, line 33: Hardcoded password.
- skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py, lines 22, 55, 85, 133: Hardcoded password (4 hits).