registry  /  @oxide/skepsis  /  0.2.1

@oxide/skepsis@0.2.1

> [σκέψις](https://www.perseus.tufts.edu/hopper/text?doc=Perseus:text:1999.04.0057:entry=ske/yis): viewing, perception by the senses. Examination, speculation, consideration.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local code review UI that reads VCS diffs, serves them on localhost, and can write review comments or viewed state by UI/API action.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the skepsis CLI.
Impact
Displays local git/jj diffs and may modify project files only for explicit review comments; no exfiltration or install-time mutation found.
Mechanism
local diff server with VCS subprocesses and user-directed file annotations
Rationale
Static inspection shows risky primitives are package-aligned: a local review UI needs git/jj subprocesses, localhost HTTP, and user-command writes for comments/viewed state. There are no lifecycle hooks, external endpoints, credential harvesting, persistence, or unconsented AI-agent control-surface writes.
Evidence
package.jsonREADME.mddist/cli.js~/.local/share/skepsis/<cwd-hash>.viewed<cwd>/<reviewed-file>
Network endpoints2
localhost:<assignedPort><hostname>:<assignedPort>

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/cli.js bin starts a local HTTP server and exposes comment/viewed mutation APIs when user runs skepsis.
  • dist/cli.js shells out to git/jj diff/show and opens a localhost browser as core functionality.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; only bin skepsis points to dist/cli.js.
  • README.md describes a local diff review UI that runs git/jj and writes inline review comments by user action.
  • dist/cli.js network use is local server/browser URL; no external collection endpoint found.
  • dist/cli.js child_process use is limited to git/jj diff/show, npx vite in --dev checkout mode, and OS URL opener.
  • dist/cli.js writes viewed state under ~/.local/share/skepsis and comments into cwd files via explicit API/UI actions.
  • Scanner eval hit is Zod feature detection new Function("") rather than payload execution.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 309 file(s), 10.5 MB of source, external domains: base-ui.com, github.com, json-schema.org, react.dev, www.w3.org

Source & flagged code

7 flagged · loading source
dist/web/assets/php-UayGdYaW.jsView file
1import{t as e}from"./javascript-DLxVNtRj.js";import{t}from"./css-CNhrqErG.js";import{t as n}from"./html-Clvx3373.js";import{t as r}from"./xml-BJwMfLD6.js";import{t as i}from"./json...
High
Child Process

Package source references child process execution.

dist/web/assets/php-UayGdYaW.jsView on unpkg · L1
dist/cli.jsView file
1#!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/cli.jsView on unpkg · L1
1Trigger-reachable chain: manifest.bin -> dist/cli.js L1: #!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.jsView on unpkg · L1
1772if (process$1.versions?.electron) parseOptions.from = "electron"; L1773: const execArgv = process$1.execArgv ?? []; L1774: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) parseOptions.from = "eval";
High
Shell

Package source references shell execution.

dist/cli.jsView on unpkg · L1772
18529try { L18530: new Function(""); L18531: return true;
High
Eval

Package source references dynamic code evaluation.

dist/cli.jsView on unpkg · L18529
22348if (shouldAutoOpen) viteArgs.push("--open"); L22349: const vite = spawn("npx", viteArgs, { L22350: cwd: checkoutRoot, ... L22352: env: { L22353: ...process.env, L22354: API_HOST: hostname, ... L22359: } else if (shouldAutoOpen) { L22360: const url = `http://localhost:${apiPort}`; L22361: const { cmd, args } = urlOpenCommand(url);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L22348
dist/web/assets/sass-DXrisJhu.jsView file
1var e=[Object.freeze(JSON.parse(`{"displayName":"Sass","fileTypes":["sass"],"foldingStartMarker":"/\\\\*|^#|^\\\\*|^\\\\b|\\\\*#?region|^\\\\.","foldingStopMarker":"\\\\*/|\\\\*#?e...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/web/assets/sass-DXrisJhu.jsView on unpkg · L1

Findings

2 Critical4 High4 Medium6 Low
CriticalCommand Output Exfiltrationdist/cli.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
HighChild Processdist/web/assets/php-UayGdYaW.js
HighShelldist/cli.js
HighEvaldist/cli.js
HighSame File Env Network Executiondist/cli.js
MediumDynamic Requiredist/web/assets/sass-DXrisJhu.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License