registry  /  @ngocsangairvds/vsaf  /  5.1.8

@ngocsangairvds/vsaf@5.1.8

logging step

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI workflow/skill platform with user-invoked setup that can register MCP servers and deploy skills/runtime into project and Claude-related locations. Automatic npm postinstall is limited to an internal @vsaf/core link, so the stronger lifecycle control-hijack condition is not met.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
user runs vsaf install or skill setup commands
Impact
Registers project MCP entries, writes VSAF/Claude proxy artifacts, installs external tools, and deploys package-supplied skills/runtime.
Mechanism
user-invoked agent extension and dependency installer
Policy narrative
An explicit `vsaf install` can deploy first-party skills, write `.mcp.json`, optionally write Claude proxy instructions, install external tooling, and for the VDS pack copy runtime into `~/.claude/vds-scripts`. This creates meaningful agent-extension lifecycle risk, but it is not delivered by npm lifecycle code and appears aligned with the package's declared workflow/agent platform purpose.
Rationale
Source inspection supports a warning for guarded/user-invoked agent extension setup and runtime package installs, but not a publish-block malicious verdict because automatic postinstall only creates an internal package link. No concrete exfiltration, persistence, destructive behavior, or unconsented lifecycle mutation of a broad foreign agent surface was found.
Evidence
package.jsonscripts/postinstall.jspackages/cli/dist/commands/install.jspackages/cli/dist/adapters/claude.jspackages/cli/dist/install/orchestrator.jsskills/vds-skill/install-deps.mjspackages/core/dist/providers/command-provider.jsnode_modules/@vsaf/core.mcp.jsonCLAUDE.md.vsaf/skills.vsaf/commands.vsaf/workflows~/.claude/vds-scripts~/.vds/.env~/.vsaf/markitdown.env
Network endpoints6
astral.sh/uv/install.ps1astral.sh/uv/install.shapi.openai.com/v1platform.openai.com/api-keysgenerativelanguage.googleapis.com/v1beta/openai/api.anthropic.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • packages/cli/dist/commands/install.js user-invoked install writes project .mcp.json with vsaf and gitnexus MCP servers.
  • packages/cli/dist/adapters/claude.js can write project CLAUDE.md proxy instructions when IDE artifacts are requested.
  • skills/vds-skill/install-deps.mjs copies package runtime into ~/.claude/vds-scripts and provisions ~/.vds/.env during explicit pack install.
  • install.js invokes package managers/tools at runtime: pipx installs graphifyy/markitdown, npm i -g gitnexus, gitnexus setup.
  • skills/vds-skill/install-deps.mjs may install uv via astral.sh shell/PowerShell installer.
Evidence against
  • package.json postinstall only links/copies packages/core/dist to node_modules/@vsaf/core inside the install directory.
  • No evidence that npm postinstall writes .mcp.json, CLAUDE.md, ~/.claude, shell startup files, VCS hooks, or autostart entries.
  • Agent-control writes are behind explicit vsaf install/skill setup commands, not automatic package install/import.
  • Command provider execution is workflow/provider-driven and redacts secret values in errors.
  • No source evidence of credential exfiltration or hardcoded attacker C2 endpoint.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 87 file(s), 783 KB of source, external domains: aistudio.google.com, aka.ms, angular.dev, api.anthropic.com, api.openai.com, astral.sh, console.anthropic.com, generativelanguage.googleapis.com, github.com, pipx.pypa.io, platform.openai.com, www.python.org, www.w3.org

Source & flagged code

41 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView file
194patternName = aws_access_key severity = critical line = 194 matchedText = - AKIA12... key
Critical
Critical Secret

Package contains a critical-looking secret pattern.

skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView on unpkg · L194
packages/core/dist/providers/command-provider.jsView file
9exports.resolveNodeProviderConfig = resolveNodeProviderConfig; L10: const child_process_1 = require("child_process"); L11: const os_1 = __importDefault(require("os"));
High
Child Process

Package source references child process execution.

packages/core/dist/providers/command-provider.jsView on unpkg · L9
skills/vds-skill/install-deps.mjsView file
133execSync( L134: 'powershell -ExecutionPolicy Bypass -c "irm https://astral.sh/uv/install.ps1 | iex"', L135: { stdio: 'inherit' },
High
Shell

Package source references shell execution.

skills/vds-skill/install-deps.mjsView on unpkg · L133
scripts/postinstall.jsView file
7* "workspaces" from package.json). This script recreates the link so that L8: * `require('@vsaf/core')` works after `npm install -g`. L9: *
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall.jsView on unpkg · L7
packages/cli/dist/commands/install.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @ngocsangairvds/vsaf@5.1.5 matchedIdentity = npm:QG5nb2NzYW5nYWlydmRzL3ZzYWY:5.1.5 similarity = 0.726 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

packages/cli/dist/commands/install.jsView on unpkg
93try { L94: (0, child_process_1.execSync)('npm install @ngocsangairvds/pre-require', { cwd: projectPath, stdio: 'inherit', timeout: 120_000 }); L95: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

packages/cli/dist/commands/install.jsView on unpkg · L93
scripts/win-vm-prereqs.ps1View file
path = scripts/win-vm-prereqs.ps1 kind = build_helper sizeBytes = 1519 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/win-vm-prereqs.ps1View on unpkg
skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView file
path = skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdf kind = high_entropy_blob sizeBytes = 40986 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView on unpkg
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView file
path = skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.py kind = payload_in_excluded_dir sizeBytes = 3413 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView on unpkg
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView file
226patternName = generic_password severity = medium line = 226 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py

skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView on unpkg · L226
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView file
25patternName = generic_password severity = medium line = 25 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L25
58patternName = generic_password severity = medium line = 58 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L58
99patternName = generic_password severity = medium line = 99 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L99
119patternName = generic_password severity = medium line = 119 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L119
140patternName = generic_password severity = medium line = 140 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L140
156patternName = generic_password severity = medium line = 156 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L156
175patternName = generic_password severity = medium line = 175 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L175
216patternName = generic_password severity = medium line = 216 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L216
263patternName = generic_password severity = medium line = 263 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L263
304patternName = generic_password severity = medium line = 304 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L304
331patternName = generic_password severity = medium line = 331 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L331
357patternName = generic_password severity = medium line = 357 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L357
385patternName = generic_password severity = medium line = 385 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L385
skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView file
33patternName = generic_password severity = medium line = 33 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView on unpkg · L33
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView file
17patternName = generic_password severity = medium line = 17 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L17
47patternName = generic_password severity = medium line = 47 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L47
82patternName = generic_password severity = medium line = 82 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L82
102patternName = generic_password severity = medium line = 102 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L102
129patternName = generic_password severity = medium line = 129 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L129
149patternName = generic_password severity = medium line = 149 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L149
173patternName = generic_password severity = medium line = 173 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L173
197patternName = generic_password severity = medium line = 197 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L197
217patternName = generic_password severity = medium line = 217 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L217
237patternName = generic_password severity = medium line = 237 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L237
skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView file
33patternName = generic_password severity = medium line = 33 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView on unpkg · L33
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView file
22patternName = generic_password severity = medium line = 22 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L22
55patternName = generic_password severity = medium line = 55 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L55
85patternName = generic_password severity = medium line = 85 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L85
133patternName = generic_password severity = medium line = 133 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L133

Findings

2 Critical6 High37 Medium5 Low
CriticalCritical Secretskills/vds-skill/runtime/pdf_orchestrator/tests/conftest.py
CriticalPrevious Version Dangerous Deltapackages/cli/dist/commands/install.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processpackages/core/dist/providers/command-provider.js
HighShellskills/vds-skill/install-deps.mjs
HighRuntime Package Installpackages/cli/dist/commands/install.js
HighShips High Entropy Blobskills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdf
HighPayload In Excluded Dirskills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirescripts/postinstall.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Build Helperscripts/win-vm-prereqs.ps1
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings