AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI workflow/skill platform with user-invoked setup that can register MCP servers and deploy skills/runtime into project and Claude-related locations. Automatic npm postinstall is limited to an internal @vsaf/core link, so the stronger lifecycle control-hijack condition is not met.
Decision evidence
public snapshot- packages/cli/dist/commands/install.js user-invoked install writes project .mcp.json with vsaf and gitnexus MCP servers.
- packages/cli/dist/adapters/claude.js can write project CLAUDE.md proxy instructions when IDE artifacts are requested.
- skills/vds-skill/install-deps.mjs copies package runtime into ~/.claude/vds-scripts and provisions ~/.vds/.env during explicit pack install.
- install.js invokes package managers/tools at runtime: pipx installs graphifyy/markitdown, npm i -g gitnexus, gitnexus setup.
- skills/vds-skill/install-deps.mjs may install uv via astral.sh shell/PowerShell installer.
- package.json postinstall only links/copies packages/core/dist to node_modules/@vsaf/core inside the install directory.
- No evidence that npm postinstall writes .mcp.json, CLAUDE.md, ~/.claude, shell startup files, VCS hooks, or autostart entries.
- Agent-control writes are behind explicit vsaf install/skill setup commands, not automatic package install/import.
- Command provider execution is workflow/provider-driven and redacts secret values in errors.
- No source evidence of credential exfiltration or hardcoded attacker C2 endpoint.
Source & flagged code
41 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView on unpkg · L194Package source references child process execution.
packages/core/dist/providers/command-provider.jsView on unpkg · L9Package source references shell execution.
skills/vds-skill/install-deps.mjsView on unpkg · L133Package source references dynamic require/import behavior.
scripts/postinstall.jsView on unpkg · L7This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
packages/cli/dist/commands/install.jsView on unpkgPackage source invokes a package manager install command at runtime.
packages/cli/dist/commands/install.jsView on unpkg · L93Package ships non-JavaScript build or shell helper files.
scripts/win-vm-prereqs.ps1View on unpkgPackage ships high-entropy non-source blobs.
skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView on unpkgHardcoded password in skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView on unpkg · L226Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L25Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L58Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L99Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L119Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L140Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L156Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L175Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L216Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L263Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L304Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L331Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L357Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L385Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView on unpkg · L33Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L17Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L47Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L82Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L102Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L129Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L149Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L173Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L197Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L217Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L237Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView on unpkg · L33Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L22Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L55Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L85Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L133