registry  /  @ngocsangairvds/vsaf  /  5.1.9

@ngocsangairvds/vsaf@5.1.9

logging step

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious install-time attack surface was found. The package is an AI workflow/agent tool with user-invoked MCP/skill setup and a runtime Antigravity provider that disables agent permission prompts.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs vsaf init/install or executes workflows with antigravity/gemini-agy provider
Impact
Could grant broad AI-agent capabilities during intended workflow execution, but not silently on npm install.
Mechanism
user-invoked agent extension setup and permission-bypassing agent execution
Attack narrative
The npm lifecycle hook repairs the package's own workspace link only. Risk appears when a user explicitly invokes VSAF setup or workflows: it can register project MCP servers, deploy bundled skills, install dependencies, and run Antigravity with permissions skipped. That is dangerous agent-facing capability, but source inspection did not show unconsented lifecycle mutation or hidden exfiltration.
Rationale
Source inspection supports a warning for dangerous AI-agent capability and user-invoked extension lifecycle behavior, not a publish block. The blockable policy condition of unconsented lifecycle mutation of foreign/broad agent control surfaces was not present in postinstall.
Evidence
package.jsonscripts/postinstall.jspackages/core/dist/providers/default-adapters.jspackages/core/dist/providers/command-provider.jspackages/cli/dist/commands/install.jspackages/cli/dist/commands/init.jsnode_modules/@vsaf/core.vsaf/config.yaml.vsaf/skills.vsaf/commands.vsaf/workflows.mcp.json~/.vsaf/markitdown.env
Network endpoints3
api.anthropic.com/v1/messagesgenerativelanguage.googleapis.com/v1beta/models/${model}:generateContentapi.openai.com/v1

Decision evidence

public snapshot
AI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • packages/core/dist/providers/default-adapters.js runs agy with --dangerously-skip-permissions for antigravity adapters.
  • packages/cli/dist/commands/init.js and install.js create/merge project .mcp.json with vsaf/gitnexus MCP entries.
  • packages/cli/dist/commands/install.js user-invoked install can run npm/pipx/global gitnexus setup and deploy skills into .vsaf/skills.
  • packages/core/dist/providers/command-provider.js executes configured provider commands with selected env keys.
Evidence against
  • scripts/postinstall.js only links/copies packages/core/dist into node_modules/@vsaf/core inside the installed package.
  • No install-time write to .mcp.json, .claude, home agent settings, shell startup, VCS hooks, or autostart found.
  • Network calls are package-aligned LLM APIs or user-invoked installer dependency setup, not hidden exfiltration.
  • Secret-looking strings in tests/docs are examples or empty config templates, not embedded live credentials.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 87 file(s), 783 KB of source, external domains: aistudio.google.com, aka.ms, angular.dev, api.anthropic.com, api.openai.com, astral.sh, console.anthropic.com, generativelanguage.googleapis.com, github.com, pipx.pypa.io, platform.openai.com, www.python.org, www.w3.org

Source & flagged code

41 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView file
194patternName = aws_access_key severity = critical line = 194 matchedText = - AKIA12... key
Critical
Critical Secret

Package contains a critical-looking secret pattern.

skills/vds-skill/runtime/pdf_orchestrator/tests/conftest.pyView on unpkg · L194
packages/core/dist/providers/command-provider.jsView file
9exports.resolveNodeProviderConfig = resolveNodeProviderConfig; L10: const child_process_1 = require("child_process"); L11: const os_1 = __importDefault(require("os"));
High
Child Process

Package source references child process execution.

packages/core/dist/providers/command-provider.jsView on unpkg · L9
skills/vds-skill/install-deps.mjsView file
133execSync( L134: 'powershell -ExecutionPolicy Bypass -c "irm https://astral.sh/uv/install.ps1 | iex"', L135: { stdio: 'inherit' },
High
Shell

Package source references shell execution.

skills/vds-skill/install-deps.mjsView on unpkg · L133
scripts/postinstall.jsView file
7* "workspaces" from package.json). This script recreates the link so that L8: * `require('@vsaf/core')` works after `npm install -g`. L9: *
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall.jsView on unpkg · L7
packages/cli/dist/commands/install.jsView file
93try { L94: (0, child_process_1.execSync)('npm install @ngocsangairvds/pre-require', { cwd: projectPath, stdio: 'inherit', timeout: 120_000 }); L95: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

packages/cli/dist/commands/install.jsView on unpkg · L93
scripts/win-vm-prereqs.ps1View file
path = scripts/win-vm-prereqs.ps1 kind = build_helper sizeBytes = 1519 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/win-vm-prereqs.ps1View on unpkg
skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView file
path = skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdf kind = high_entropy_blob sizeBytes = 40986 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdfView on unpkg
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView file
path = skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.py kind = payload_in_excluded_dir sizeBytes = 3413 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.pyView on unpkg
packages/core/dist/providers/default-adapters.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @ngocsangairvds/vsaf@5.1.8 matchedIdentity = npm:QG5nb2NzYW5nYWlydmRzL3ZzYWY:5.1.8 similarity = 0.989 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

packages/core/dist/providers/default-adapters.jsView on unpkg
skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView file
226patternName = generic_password severity = medium line = 226 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py

skills/vds-skill/runtime/vds_cli/tests/unit/test_cli.pyView on unpkg · L226
skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView file
25patternName = generic_password severity = medium line = 25 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L25
58patternName = generic_password severity = medium line = 58 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L58
99patternName = generic_password severity = medium line = 99 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L99
119patternName = generic_password severity = medium line = 119 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L119
140patternName = generic_password severity = medium line = 140 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L140
156patternName = generic_password severity = medium line = 156 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L156
175patternName = generic_password severity = medium line = 175 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L175
216patternName = generic_password severity = medium line = 216 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L216
263patternName = generic_password severity = medium line = 263 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L263
304patternName = generic_password severity = medium line = 304 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L304
331patternName = generic_password severity = medium line = 331 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L331
357patternName = generic_password severity = medium line = 357 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L357
385patternName = generic_password severity = medium line = 385 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.pyView on unpkg · L385
skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView file
33patternName = generic_password severity = medium line = 33 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.pyView on unpkg · L33
skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView file
17patternName = generic_password severity = medium line = 17 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L17
47patternName = generic_password severity = medium line = 47 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L47
82patternName = generic_password severity = medium line = 82 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L82
102patternName = generic_password severity = medium line = 102 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L102
129patternName = generic_password severity = medium line = 129 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L129
149patternName = generic_password severity = medium line = 149 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L149
173patternName = generic_password severity = medium line = 173 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L173
197patternName = generic_password severity = medium line = 197 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L197
217patternName = generic_password severity = medium line = 217 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L217
237patternName = generic_password severity = medium line = 237 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.pyView on unpkg · L237
skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView file
33patternName = generic_password severity = medium line = 33 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.pyView on unpkg · L33
skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView file
22patternName = generic_password severity = medium line = 22 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L22
55patternName = generic_password severity = medium line = 55 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L55
85patternName = generic_password severity = medium line = 85 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L85
133patternName = generic_password severity = medium line = 133 matchedText = mock_set...ass"
Medium
Secret Pattern

Hardcoded password in skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py

skills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.pyView on unpkg · L133

Findings

2 Critical6 High37 Medium5 Low
CriticalCritical Secretskills/vds-skill/runtime/pdf_orchestrator/tests/conftest.py
CriticalPrevious Version Dangerous Deltapackages/core/dist/providers/default-adapters.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processpackages/core/dist/providers/command-provider.js
HighShellskills/vds-skill/install-deps.mjs
HighRuntime Package Installpackages/cli/dist/commands/install.js
HighShips High Entropy Blobskills/vds-skill/runtime/pdf_orchestrator/cli_verification_test/test.pdf
HighPayload In Excluded Dirskills/vds-skill/runtime/vds_cli/tests/unit/test_cli_DOC004.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirescripts/postinstall.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Build Helperscripts/win-vm-prereqs.ps1
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/vds-skill/runtime/vds_cli/tests/unit/test_cli.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_bulk_operations.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_application_properties.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_user_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_issue_archiving.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
MediumSecret Patternskills/vds-skill/runtime/jira_orchestrator/tests/test_version_management.py
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings