registry  /  @pellux/goodvibes-tui  /  0.29.0

@pellux/goodvibes-tui@0.29.0

Terminal-native GoodVibes product for coding, operations, automation, knowledge, channels, and daemon-backed control-plane workflows.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates the user's GoodVibes agent control surface by deploying global/project-independent agent instructions. This is unconsented AI-agent control-surface mutation even though much of the package functionality is otherwise product-aligned.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm/bun package install running postinstall
Impact
Future GoodVibes/agent sessions can inherit package-supplied mandatory behavior and reviewer instructions outside this package.
Mechanism
postinstall copies bundled agent instruction files into ~/.goodvibes
Policy narrative
On install, the package's postinstall script runs automatically, downloads release binaries, then deploys bundled .goodvibes skills, agents, and GOODVIBES.md into the user's home directory if absent. The installed GOODVIBES.md contains mandatory behavioral directives for agents, and the reviewer archetype constrains review output. This creates a persistent agent-control influence outside the package's install directory without an explicit user command.
Rationale
Static inspection confirms an install-time write to user-level GoodVibes instruction locations containing mandatory agent directives. That constitutes unconsented lifecycle AI-agent control-surface mutation, so the package should be blocked despite otherwise package-aligned CLI/network functionality. Product guard normalized a concrete AI-agent control hijack publish_block to the blockable dangerous-capability shape.
Evidence
package.jsonscripts/postinstall.js.goodvibes/GOODVIBES.md.goodvibes/agents/reviewer.mdbin/launcher-support.js~/.goodvibes/GOODVIBES.md~/.goodvibes/tui/skills/*~/.goodvibes/tui/agents/*vendor/SHA256SUMS.txtvendor/goodvibes-*vendor/goodvibes-daemon-*
Network endpoints3
github.com/mgd34msu/goodvibes-tui/releases/download/v0.29.0/SHA256SUMS.txtgithub.com/mgd34msu/goodvibes-tui/releases/download/v0.29.0/goodvibes-linux-x64github.com/mgd34msu/goodvibes-tui/releases/download/v0.29.0/goodvibes-daemon-linux-x64

Decision evidence

public snapshot
AI called this Malicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json runs preinstall and postinstall lifecycle scripts.
  • scripts/postinstall.js copies bundled .goodvibes/skills and .goodvibes/agents into ~/.goodvibes/tui on install.
  • scripts/postinstall.js copies .goodvibes/GOODVIBES.md into ~/.goodvibes/GOODVIBES.md if absent.
  • .goodvibes/GOODVIBES.md contains mandatory agent directives controlling planning, parallelism, test behavior, and file-reading behavior.
  • .goodvibes/agents/reviewer.md installs an agent instruction file that constrains reviewer behavior and output.
  • postinstall also downloads executable release binaries into vendor/ and chmods them.
Evidence against
  • scripts/check-bun.sh only checks Bun availability.
  • Release binary URL is derived from the declared GitHub repository and version.
  • Downloaded binaries are checked against SHA256SUMS when checksums are present.
  • Most child_process/network use is product-aligned CLI, daemon, verifier, provider, and sandbox functionality.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 483 file(s), 4.38 MB of source, external domains: 127.0.0.1, 192.168.0.85, api.github.com, astral.sh, bluebubbles.local, bun.sh, cloud.debian.org, daemon.example.com, deno.land, discord.com, example.com, github.com, goodvibes-batch-worker.account.workers.dev, homeassistant.local, imessage-bridge.local, install.duckdb.org, matrix.example.com, mattermost.example.com, ntfy.sh, signal-bridge.local, slack.com, smba.trafficmanager.net

Source & flagged code

12 flagged · loading source
package.jsonView file
scripts.preinstall = sh scripts/check-bun.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = sh scripts/check-bun.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts.postinstall = bun scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
src/panels/builtin/session.tsView file
35patternName = generic_password severity = medium line = 35 matchedText = return l...m();
Medium
Secret Pattern

Package contains a possible secret pattern.

src/panels/builtin/session.tsView on unpkg · L35
bin/launcher-support.jsView file
2import { createHash } from 'node:crypto'; L3: import { spawnSync } from 'node:child_process'; L4: import { join } from 'node:path';
High
Child Process

Package source references child process execution.

bin/launcher-support.jsView on unpkg · L2
src/input/commands/hooks-runtime.tsView file
120} L121: await workbench.import(path, strategy); L122: ctx.print(`Imported managed hooks from ${path} using ${strategy} strategy.`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/input/commands/hooks-runtime.tsView on unpkg · L120
src/verification/live-verifier.tsView file
89} L90: return `http://127.0.0.1:${port}`; L91: } ... L94: return new Promise((resolveCommand) => { L95: const child = spawn(command, args, { L96: cwd, L97: env: { ...process.env, NO_COLOR: '1' }, L98: stdio: ['ignore', 'pipe', 'pipe'],
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/verification/live-verifier.tsView on unpkg · L89
src/runtime/sandbox-public-gaps.tsView file
2import { dirname, resolve } from 'node:path'; L3: import { spawnSync } from 'node:child_process'; L4: import { ... L191: backend: 'local', L192: command: process.env.SHELL || 'bash', L193: args: ['-lc', `echo "goodvibes sandbox ${profile.id}: ${label}"`], ... L207: readonly status: number | null; L208: readonly stdout: string; L209: readonly stderr: string; ... L367: const authorizedKeys = publicKey L368: ? ` ssh_authorized_keys:\n - ${publicKey}\n` L369: : ' # Generate keys/goodvibes_qemu_ed25519.pub before rebuilding nocloud.iso.\n';
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

src/runtime/sandbox-public-gaps.tsView on unpkg · L2
scripts/check-bun.shView file
path = scripts/check-bun.sh kind = build_helper sizeBytes = 461 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/check-bun.shView on unpkg
src/cli/completions/generate.tsView file
matchType = previous_version_dangerous_delta matchedPackage = @pellux/goodvibes-tui@0.28.0 matchedIdentity = npm:QHBlbGx1eC9nb29kdmliZXMtdHVp:0.28.0 similarity = 0.792 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/cli/completions/generate.tsView on unpkg
src/runtime/onboarding/apply.tsView file
91patternName = generic_password severity = medium line = 91 matchedText = if (line...th);
Medium
Secret Pattern

Hardcoded password in src/runtime/onboarding/apply.ts

src/runtime/onboarding/apply.tsView on unpkg · L91
src/daemon/cli.tsView file
73patternName = generic_password severity = medium line = 73 matchedText = return l...m();
Medium
Secret Pattern

Hardcoded password in src/daemon/cli.ts

src/daemon/cli.tsView on unpkg · L73

Findings

2 Critical4 High10 Medium4 Low
CriticalPersistence Backdoorsrc/runtime/sandbox-public-gaps.ts
CriticalPrevious Version Dangerous Deltasrc/cli/completions/generate.ts
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/launcher-support.js
HighShell
HighSame File Env Network Executionsrc/verification/live-verifier.ts
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumSecret Patternsrc/panels/builtin/session.ts
MediumDynamic Requiresrc/input/commands/hooks-runtime.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/check-bun.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/runtime/onboarding/apply.ts
MediumSecret Patternsrc/daemon/cli.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings