registry  /  @oxide/skepsis  /  0.0.2

@oxide/skepsis@0.0.2

> [σκέψις](https://www.perseus.tufts.edu/hopper/text?doc=Perseus:text:1999.04.0057:entry=ske/yis): viewing, perception by the senses. Examination, speculation, consideration.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local diff review tool with local HTTP APIs for diff viewing, viewed-state tracking, and optional review-comment insertion.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the skepsis CLI.
Impact
Runs git/jj commands against the current repo and can write review comments to working-copy files when the user uses the UI.
Mechanism
Local VCS diff viewer with local file/comment operations
Rationale
Scanner findings map to package-aligned, user-invoked local diff review behavior rather than install-time or covert attack behavior. Source inspection found no external exfiltration, lifecycle mutation, persistence, or AI-agent control hijack.
Evidence
package.jsonREADME.mddist/cli.jsdist/web/assets/index-CA5iKp7g.js~/.local/share/skepsis/<cwd-hash>.viewedworking-copy files selected through /api/comment
Network endpoints1
localhost:<assignedPort>

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall lifecycle hooks; only bin skepsis -> dist/cli.js.
    • README.md describes a local browser diff review UI using git/jj and local comment insertion.
    • dist/cli.js binds a local Hono HTTP server on localhost by default and serves bundled web assets.
    • dist/cli.js runs git/jj diff/show via argv arrays in response to explicit CLI/API use, not install/import time.
    • dist/cli.js writes viewed state only under ~/.local/share/skepsis and review comments into user-selected working-copy files.
    • No credential harvesting, external exfiltration endpoint, persistence, or AI-agent control-surface writes were found.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
    Supply chain
    HighEntropyStringsMinifiedObfuscatedUrlStrings
    Manifest
    NoLicense
    scanned 309 file(s), 10.5 MB of source, external domains: base-ui.com, github.com, json-schema.org, react.dev, www.w3.org

    Source & flagged code

    7 flagged · loading source
    dist/web/assets/index-CA5iKp7g.jsView file
    160?|[ L161: \v\f…\u2028\u2029])`),t));else if(c===`posix`)if(!i&&(u===`graph`||u===`print`)){if(r===`strict`)throw Error(`POSIX class "${u}" requires min target ES2024 or non-strict accuracy`)... L162: `)),e}var Zy=Symbol(`no-token`),Qy=Symbol(`multiple-tokens`);function $y(e){let t=eb(e);if(t!=null)return t;let n=Zy,r=[],i=[],a,o=()=>{if(i.length===0||a==null){i=[],a=void 0;retu...
    High
    Child Process

    Package source references child process execution.

    dist/web/assets/index-CA5iKp7g.jsView on unpkg · L160
    dist/cli.jsView file
    1#!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
    Critical
    Command Output Exfiltration

    Source executes local commands and sends command output to an external endpoint.

    dist/cli.jsView on unpkg · L1
    1Trigger-reachable chain: manifest.bin -> dist/cli.js L1: #!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/cli.jsView on unpkg · L1
    1772if (process$1.versions?.electron) parseOptions.from = "electron"; L1773: const execArgv = process$1.execArgv ?? []; L1774: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) parseOptions.from = "eval";
    High
    Shell

    Package source references shell execution.

    dist/cli.jsView on unpkg · L1772
    18513try { L18514: new Function(""); L18515: return true;
    High
    Eval

    Package source references dynamic code evaluation.

    dist/cli.jsView on unpkg · L18513
    22284if (shouldAutoOpen) viteArgs.push("--open"); L22285: const vite = spawn("npx", viteArgs, { L22286: cwd: checkoutRoot, ... L22288: env: { L22289: ...process.env, L22290: API_HOST: hostname, ... L22295: } else if (shouldAutoOpen) { L22296: const url = `http://localhost:${apiPort}`; L22297: const { cmd, args } = urlOpenCommand(url);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/cli.jsView on unpkg · L22284
    dist/web/assets/javascript-KezPQq9h.jsView file
    1import{t as e}from"./index-CA5iKp7g.js";var t=e({default:()=>n}),n=[Object.freeze(JSON.parse(`{"displayName":"JavaScript","name":"javascript","patterns":[{"include":"#directives"},...
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/web/assets/javascript-KezPQq9h.jsView on unpkg · L1

    Findings

    2 Critical4 High4 Medium6 Low
    CriticalCommand Output Exfiltrationdist/cli.js
    CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
    HighChild Processdist/web/assets/index-CA5iKp7g.js
    HighShelldist/cli.js
    HighEvaldist/cli.js
    HighSame File Env Network Executiondist/cli.js
    MediumDynamic Requiredist/web/assets/javascript-KezPQq9h.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License