registry  /  @oxide/skepsis  /  0.2.0

@oxide/skepsis@0.2.0

> [σκέψις](https://www.perseus.tufts.edu/hopper/text?doc=Perseus:text:1999.04.0057:entry=ske/yis): viewing, perception by the senses. Examination, speculation, consideration.

AI Security Review

scanned 23h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local code review UI that shells out to git/jj and serves local diff data to its bundled frontend.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the skepsis CLI
Impact
Displays local VCS diffs and can write explicit review comments/viewed state; no exfiltration or persistence observed
Mechanism
local diff server with VCS command execution and optional source comment insertion
Rationale
Scanner hits are explained by the package's documented local review workflow: it invokes git/jj, serves a localhost UI, and writes local review state/comments only after CLI/UI actions. There is no install-time execution, external endpoint, credential collection, broad agent control-surface mutation, or unconsented persistence.
Evidence
package.jsonREADME.mddist/cli.js~/.local/share/skepsis/<cwd-hash>.viewed<cwd>/<reviewed file>
Network endpoints1
localhost:<port>

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall lifecycle scripts; only bin skepsis -> dist/cli.js
    • dist/cli.js starts a local Hono HTTP server for a browser diff UI, bound to localhost by default
    • Command execution is package-aligned: git/jj diff/show/root/rev-parse and OS opener after explicit CLI invocation
    • Writes are package-aligned: viewed state under ~/.local/share/skepsis and user-requested review comments into cwd files
    • No external network endpoints found; URLs are localhost, docs, or README/repository links
    • No AI-agent control-surface writes, persistence hooks, credential harvesting, or exfiltration found
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
    Supply chain
    HighEntropyStringsMinifiedObfuscatedUrlStrings
    Manifest
    NoLicense
    scanned 309 file(s), 10.5 MB of source, external domains: base-ui.com, github.com, json-schema.org, react.dev, www.w3.org

    Source & flagged code

    7 flagged · loading source
    dist/web/assets/php-BOW3iyEw.jsView file
    1import{t as e}from"./javascript-CUcfEIt4.js";import{t}from"./css-CLTVB3E9.js";import{t as n}from"./html-CLjy_qNo.js";import{t as r}from"./xml-gk-jR5pP.js";import{t as i}from"./json...
    High
    Child Process

    Package source references child process execution.

    dist/web/assets/php-BOW3iyEw.jsView on unpkg · L1
    dist/cli.jsView file
    1#!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
    Critical
    Command Output Exfiltration

    Source executes local commands and sends command output to an external endpoint.

    dist/cli.jsView on unpkg · L1
    1Trigger-reachable chain: manifest.bin -> dist/cli.js L1: #!/usr/bin/env node L2: import { execFileSync, spawn } from "child_process"; L3: import fs, { existsSync } from "node:fs"; ... L8: import { stripVTControlCharacters } from "node:util"; L9: import { createServer } from "http"; L10: import { Http2ServerRequest, constants } from "http2"; ... L36: * Constructs the CommanderError class L37: * @param {number} exitCode suggested exit code which could be used with process.exit L38: * @param {string} code an id string representing the error ... L177: * @return {string} L178: * @private L179: */
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/cli.jsView on unpkg · L1
    1772if (process$1.versions?.electron) parseOptions.from = "electron"; L1773: const execArgv = process$1.execArgv ?? []; L1774: if (execArgv.includes("-e") || execArgv.includes("--eval") || execArgv.includes("-p") || execArgv.includes("--print")) parseOptions.from = "eval";
    High
    Shell

    Package source references shell execution.

    dist/cli.jsView on unpkg · L1772
    18514try { L18515: new Function(""); L18516: return true;
    High
    Eval

    Package source references dynamic code evaluation.

    dist/cli.jsView on unpkg · L18514
    22338if (shouldAutoOpen) viteArgs.push("--open"); L22339: const vite = spawn("npx", viteArgs, { L22340: cwd: checkoutRoot, ... L22342: env: { L22343: ...process.env, L22344: API_HOST: hostname, ... L22349: } else if (shouldAutoOpen) { L22350: const url = `http://localhost:${apiPort}`; L22351: const { cmd, args } = urlOpenCommand(url);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/cli.jsView on unpkg · L22338
    dist/web/assets/typescript-BzMquqD6.jsView file
    1import{t as e}from"./index-BqGAkKqx.js";var t=e({default:()=>n}),n=[Object.freeze(JSON.parse('{"displayName":"TypeScript","name":"typescript","patterns":[{"include":"#directives"},...
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/web/assets/typescript-BzMquqD6.jsView on unpkg · L1

    Findings

    2 Critical4 High4 Medium6 Low
    CriticalCommand Output Exfiltrationdist/cli.js
    CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
    HighChild Processdist/web/assets/php-BOW3iyEw.js
    HighShelldist/cli.js
    HighEvaldist/cli.js
    HighSame File Env Network Executiondist/cli.js
    MediumDynamic Requiredist/web/assets/typescript-BzMquqD6.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License