registry  /  @oxide/skepsis  /  0.1.1

@oxide/skepsis@0.1.1

> [σκέψις](https://www.perseus.tufts.edu/hopper/text?doc=Perseus:text:1999.04.0057:entry=ske/yis): viewing, perception by the senses. Examination, speculation, consideration.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local code review UI that shells out to jj/git and serves results to a local browser frontend.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the skepsis CLI bin.
Impact
Shows local VCS diffs and can write review comments/viewed-state as documented; no external exfiltration or install-time behavior found.
Mechanism
Local diff server with VCS command execution and UI-driven file/comment writes
Rationale
Scanner findings are explained by documented, user-invoked functionality: running jj/git to obtain diffs, serving a localhost UI, and writing review comments/viewed state. There is no lifecycle execution, external network destination, credential collection, persistence, or unconsented agent-control mutation.
Evidence
package.jsonREADME.mddist/cli.js~/.local/share/skepsis/<cwd-hash>.viewed<cwd>/<diff-file>
Network endpoints1
localhost:<dynamic-port>

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall lifecycle hooks; only bin maps skepsis to dist/cli.js.
    • dist/cli.js child_process usage runs package-aligned jj/git diff/show commands after user invokes CLI.
    • dist/cli.js starts a local Hono HTTP server for diff UI; default host is localhost and only logs/opens local URL.
    • dist/cli.js writes viewed state under ~/.local/share/skepsis and inserts/removes review comments in user-selected repo files via UI endpoints.
    • README.md documents local diff review behavior, jj/git shell-outs, comment insertion, and viewed-state storage.
    • No credential harvesting, external exfiltration endpoint, persistence hook, or AI-agent control-surface mutation found.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
    Supply chain
    HighEntropyStringsMinifiedObfuscatedUrlStrings
    Manifest
    NoLicense
    scanned 309 file(s), 10.5 MB of source, external domains: base-ui.com, github.com, json-schema.org, react.dev, www.w3.org

    Source & flagged code

    7 flagged · loading source
    dist/web/assets/index-CA5iKp7g.jsView file
    160?|[ L161: \v\f…\u2028\u2029])`),t));else if(c===`posix`)if(!i&&(u===`graph`||u===`print`)){if(r===`strict`)throw Error(`POSIX class "${u}" requires min target ES2024 or non-strict accuracy`)... L162: `)),e}var Zy=Symbol(`no-token`),Qy=Symbol(`multiple-tokens`);function $y(e){let t=eb(e);if(t!=null)return t;let n=Zy,r=[],i=[],a,o=()=>{if(i.length===0||a==null){i=[],a=void 0;retu...
    High
    Child Process

    Package source references child process execution.

    dist/web/assets/index-CA5iKp7g.jsView on unpkg · L160
    dist/cli.jsView file
    1#!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
    Critical
    Command Output Exfiltration

    Source executes local commands and sends command output to an external endpoint.

    dist/cli.jsView on unpkg · L1
    1Trigger-reachable chain: manifest.bin -> dist/cli.js L1: #!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/cli.jsView on unpkg · L1
    1772if (process$1.versions?.electron) parseOptions.from = "electron"; L1773: const execArgv = process$1.execArgv ?? []; L1774: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) parseOptions.from = "eval";
    High
    Shell

    Package source references shell execution.

    dist/cli.jsView on unpkg · L1772
    18514try { L18515: new Function(""); L18516: return true;
    High
    Eval

    Package source references dynamic code evaluation.

    dist/cli.jsView on unpkg · L18514
    22285if (shouldAutoOpen) viteArgs.push("--open"); L22286: const vite = spawn("npx", viteArgs, { L22287: cwd: checkoutRoot, ... L22289: env: { L22290: ...process.env, L22291: API_HOST: hostname, ... L22296: } else if (shouldAutoOpen) { L22297: const url = `http://localhost:${apiPort}`; L22298: const { cmd, args } = urlOpenCommand(url);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/cli.jsView on unpkg · L22285
    dist/web/assets/javascript-KezPQq9h.jsView file
    1import{t as e}from"./index-CA5iKp7g.js";var t=e({default:()=>n}),n=[Object.freeze(JSON.parse(`{"displayName":"JavaScript","name":"javascript","patterns":[{"include":"#directives"},...
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/web/assets/javascript-KezPQq9h.jsView on unpkg · L1

    Findings

    2 Critical4 High4 Medium6 Low
    CriticalCommand Output Exfiltrationdist/cli.js
    CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
    HighChild Processdist/web/assets/index-CA5iKp7g.js
    HighShelldist/cli.js
    HighEvaldist/cli.js
    HighSame File Env Network Executiondist/cli.js
    MediumDynamic Requiredist/web/assets/javascript-KezPQq9h.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License