registry  /  @pellux/goodvibes-tui  /  0.28.0

@pellux/goodvibes-tui@0.28.0

Terminal-native GoodVibes product for coding, operations, automation, knowledge, channels, and daemon-backed control-plane workflows.

AI Security Review

scanned 11d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time code mutates GoodVibes AI-agent control surfaces in the user's home directory. The global GOODVIBES.md file contains mandatory behavioral directives, so installing the npm package changes future agent behavior without a separate user invocation.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm/bun install runs package lifecycle scripts, especially postinstall.
Impact
Future GoodVibes/agent sessions may obey package-supplied global instructions and installed skills/agents; install also places downloaded executables under the package vendor directory.
Mechanism
unconsented lifecycle AI-agent control-surface mutation plus binary download
Policy narrative
On install, the package postinstall script downloads platform binaries and deploys bundled .goodvibes content into the user's home directory. The copied ~/.goodvibes/GOODVIBES.md is global agent guidance containing mandatory directives about planning, batching, WRFC, and parallel agents. This is an install-time mutation of an AI-agent control surface rather than a user-invoked configuration action.
Rationale
The decisive issue is not ordinary TUI runtime functionality, but install-time writing of global agent instructions and agent/skill files into ~/.goodvibes. That meets the firewall boundary for unconsented lifecycle AI-agent control-surface mutation, so the package should be blocked despite no confirmed credential exfiltration. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsonscripts/postinstall.js.goodvibes/GOODVIBES.md.goodvibes/agents/reviewer.md.goodvibes/skills/add-provider/SKILL.mdbin/launcher-support.js~/.goodvibes/GOODVIBES.md~/.goodvibes/tui/skills/*~/.goodvibes/tui/agents/*vendor/SHA256SUMS.txtvendor/goodvibes-*vendor/goodvibes-daemon-*
Network endpoints5
github.com/mgd34msu/goodvibes-tui/releases/download/v0.28.0/SHA256SUMS.txtgithub.com/mgd34msu/goodvibes-tui/releases/download/v0.28.0/goodvibes-linux-x64github.com/mgd34msu/goodvibes-tui/releases/download/v0.28.0/goodvibes-daemon-linux-x64github.com/mgd34msu/goodvibes-tui/releases/download/v0.28.0/goodvibes-macos-arm64github.com/mgd34msu/goodvibes-tui/releases/download/v0.28.0/goodvibes-daemon-macos-arm64

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for policy block
  • package.json defines preinstall and postinstall lifecycle hooks.
  • scripts/postinstall.js runs at install and copies bundled .goodvibes files into the user's home directory.
  • scripts/postinstall.js writes .goodvibes/GOODVIBES.md to ~/.goodvibes/GOODVIBES.md, a global AI-agent instruction surface.
  • .goodvibes/GOODVIBES.md contains mandatory directives controlling agent planning, tool use, and workflow behavior.
  • .goodvibes/agents/reviewer.md and .goodvibes/skills/add-provider/SKILL.md are installed into ~/.goodvibes/tui agent/skill directories without an explicit user command.
  • scripts/postinstall.js also downloads and installs executable release binaries into vendor/ during install.
Evidence against
  • Binary download is package-aligned to the package GitHub release path and checks a SHA256SUMS file from the same release URL.
  • No credential harvesting or off-host secret exfiltration was confirmed in inspected lifecycle files.
  • Bundled reviewer/add-provider content is not itself an obvious secret stealer or destructive payload.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 488 file(s), 4.16 MB of source, external domains: 127.0.0.1, 192.168.0.85, api.github.com, astral.sh, bluebubbles.local, bun.sh, cloud.debian.org, daemon.example.com, deno.land, discord.com, example.com, github.com, goodvibes-batch-worker.account.workers.dev, homeassistant.local, imessage-bridge.local, install.duckdb.org, matrix.example.com, mattermost.example.com, ntfy.sh, signal-bridge.local, slack.com, smba.trafficmanager.net

Source & flagged code

11 flagged · loading source
package.jsonView file
scripts.preinstall = sh scripts/check-bun.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = sh scripts/check-bun.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts.postinstall = bun scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
src/panels/builtin/session.tsView file
35patternName = generic_password severity = medium line = 35 matchedText = return l...m();
Medium
Secret Pattern

Package contains a possible secret pattern.

src/panels/builtin/session.tsView on unpkg · L35
bin/launcher-support.jsView file
2import { createHash } from 'node:crypto'; L3: import { spawnSync } from 'node:child_process'; L4: import { join } from 'node:path';
High
Child Process

Package source references child process execution.

bin/launcher-support.jsView on unpkg · L2
src/input/commands/hooks-runtime.tsView file
120} L121: await workbench.import(path, strategy); L122: ctx.print(`Imported managed hooks from ${path} using ${strategy} strategy.`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/input/commands/hooks-runtime.tsView on unpkg · L120
src/verification/live-verifier.tsView file
89} L90: return `http://127.0.0.1:${port}`; L91: } ... L94: return new Promise((resolveCommand) => { L95: const child = spawn(command, args, { L96: cwd, L97: env: { ...process.env, NO_COLOR: '1' }, L98: stdio: ['ignore', 'pipe', 'pipe'],
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/verification/live-verifier.tsView on unpkg · L89
src/runtime/sandbox-public-gaps.tsView file
2import { dirname, resolve } from 'node:path'; L3: import { spawnSync } from 'node:child_process'; L4: import { ... L191: backend: 'local', L192: command: process.env.SHELL || 'bash', L193: args: ['-lc', `echo "goodvibes sandbox ${profile.id}: ${label}"`], ... L207: readonly status: number | null; L208: readonly stdout: string; L209: readonly stderr: string; ... L367: const authorizedKeys = publicKey L368: ? ` ssh_authorized_keys:\n - ${publicKey}\n` L369: : ' # Generate keys/goodvibes_qemu_ed25519.pub before rebuilding nocloud.iso.\n';
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

src/runtime/sandbox-public-gaps.tsView on unpkg · L2
scripts/check-bun.shView file
path = scripts/check-bun.sh kind = build_helper sizeBytes = 461 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/check-bun.shView on unpkg
src/runtime/onboarding/apply.tsView file
91patternName = generic_password severity = medium line = 91 matchedText = if (line...th);
Medium
Secret Pattern

Hardcoded password in src/runtime/onboarding/apply.ts

src/runtime/onboarding/apply.tsView on unpkg · L91
src/daemon/cli.tsView file
73patternName = generic_password severity = medium line = 73 matchedText = return l...m();
Medium
Secret Pattern

Hardcoded password in src/daemon/cli.ts

src/daemon/cli.tsView on unpkg · L73

Findings

1 Critical4 High10 Medium4 Low
CriticalPersistence Backdoorsrc/runtime/sandbox-public-gaps.ts
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/launcher-support.js
HighShell
HighSame File Env Network Executionsrc/verification/live-verifier.ts
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumSecret Patternsrc/panels/builtin/session.ts
MediumDynamic Requiresrc/input/commands/hooks-runtime.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/check-bun.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/runtime/onboarding/apply.ts
MediumSecret Patternsrc/daemon/cli.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings