registry  /  @pellux/goodvibes-tui  /  1.7.0

@pellux/goodvibes-tui@1.7.0

Terminal-native GoodVibes product for coding, operations, automation, knowledge, channels, and daemon-backed control-plane workflows.

AI Security Review

scanned 7d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code deploys GoodVibes agent extension files into the user's home directory and downloads executable release binaries. This is a first-party agent platform lifecycle extension risk, but not a confirmed foreign agent hijack or classic malware path.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review
Trigger
npm/bun install lifecycle postinstall; later goodvibes/goodvibes-daemon invocation
Impact
GoodVibes runtime behavior can be influenced by package-supplied home-scope instructions; installed binaries are executed when the user runs the CLI.
Mechanism
lifecycle binary download plus first-party GoodVibes skill/agent deployment
Policy narrative
On install, the package requires Bun, fetches release binaries from its GitHub releases, verifies available SHA256 entries, places binaries under vendor/, and copies bundled GoodVibes skills/agents plus a home-scope GOODVIBES.md into ~/.goodvibes. The planted instructions are product-aligned, but lifecycle delivery of agent extension material into home scope is a meaningful agent platform risk. I did not find unconsented writes to foreign AI-agent surfaces, credential theft, exfiltration, shell/VCS persistence, or install-time daemon startup.
Rationale
The package is not clean because postinstall lifecycle code installs first-party agent instructions and executable binaries into user/home state. It does not meet the block threshold because the writes are GoodVibes-owned, package-aligned, and no foreign control-surface hijack or concrete exfiltration/persistence behavior was confirmed.
Evidence
package.jsonscripts/check-bun.shscripts/postinstall.jsbin/goodvibesbin/goodvibes-daemonbin/launcher-support.js.goodvibes/GOODVIBES.md.goodvibes/agents/reviewer.md.goodvibes/skills/add-provider/SKILL.mdsrc/runtime/sandbox-public-gaps.tssrc/input/commands/platform-sandbox-qemu.tssrc/cli/service-command.tsvendor/SHA256SUMS.txtvendor/goodvibes-<platform>vendor/goodvibes-daemon-<platform>~/.goodvibes/tui/skills~/.goodvibes/tui/agents~/.goodvibes/GOODVIBES.md
Network endpoints3
github.com/mgd34msu/goodvibes-tui/releases/download/v1.7.0/SHA256SUMS.txtgithub.com/mgd34msu/goodvibes-tui/releases/download/v1.7.0/goodvibes-linux-x64github.com/mgd34msu/goodvibes-tui/releases/download/v1.7.0/goodvibes-daemon-linux-x64

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines preinstall and postinstall lifecycle hooks: scripts/check-bun.sh and scripts/postinstall.js.
  • scripts/postinstall.js downloads platform binaries during install into vendor/ and chmods them executable.
  • scripts/postinstall.js lifecycle-copies bundled agent/skill instructions into ~/.goodvibes/tui/{agents,skills} and ~/.goodvibes/GOODVIBES.md.
  • .goodvibes/GOODVIBES.md contains mandatory agent behavior instructions installed at home scope.
  • .goodvibes/agents/reviewer.md and .goodvibes/skills/add-provider/SKILL.md are package-supplied agent/skill extension content.
Evidence against
  • Lifecycle writes are under GoodVibes-owned ~/.goodvibes paths, not CLAUDE.md, Codex, Cursor, .mcp.json, shell startup, VCS hooks, or OS autostart surfaces.
  • Downloaded release assets are from the package repository release URL and checked against SHA256SUMS when a checksum entry exists.
  • No credential harvesting or exfiltration path was confirmed in inspected lifecycle/bin files.
  • Service/autostart code appears user-invoked via goodvibes service commands, not install-time.
  • QEMU/systemd and subprocess behavior in scanner-highlighted files is runtime sandbox/service functionality, not automatic install persistence.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 486 file(s), 3.99 MB of source, external domains: 127.0.0.1, 192.168.0.85, 192.168.1.50, api.github.com, astral.sh, bluebubbles.local, bun.sh, cloud.debian.org, daemon.example.com, deno.land, discord.com, example.com, github.com, goodvibes-batch-worker.account.workers.dev, homeassistant.local, imessage-bridge.local, install.duckdb.org, matrix.example.com, mattermost.example.com, ntfy.sh, signal-bridge.local, slack.com, smba.trafficmanager.net

Source & flagged code

17 flagged · loading source
package.jsonView file
scripts.preinstall = sh scripts/check-bun.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = sh scripts/check-bun.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts.postinstall = bun scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
src/panels/modals/pairing-modal.tsView file
137patternName = generic_password severity = medium line = 137 matchedText = url: 'ht...ui',
Medium
Secret Pattern

Package contains a possible secret pattern.

src/panels/modals/pairing-modal.tsView on unpkg · L137
bin/launcher-support.jsView file
2import { createHash } from 'node:crypto'; L3: import { spawnSync } from 'node:child_process'; L4: import { join } from 'node:path';
High
Child Process

Package source references child process execution.

bin/launcher-support.jsView on unpkg · L2
matchType = normalized_sha256 matchedPackage = @pellux/goodvibes-tui@0.29.0 matchedPath = bin/launcher-support.js matchedIdentity = npm:QHBlbGx1eC9nb29kdmliZXMtdHVp:0.29.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

bin/launcher-support.jsView on unpkg
src/input/commands/hooks-runtime.tsView file
120} L121: await workbench.import(path, strategy); L122: ctx.print(`Imported managed hooks from ${path} using ${strategy} strategy.`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/input/commands/hooks-runtime.tsView on unpkg · L120
src/verification/live-verifier.tsView file
89} L90: return `http://127.0.0.1:${port}`; L91: } ... L94: return new Promise((resolveCommand) => { L95: const child = spawn(command, args, { L96: cwd, L97: env: { ...process.env, NO_COLOR: '1' }, L98: stdio: ['ignore', 'pipe', 'pipe'],
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/verification/live-verifier.tsView on unpkg · L89
src/runtime/sandbox-public-gaps.tsView file
2import { dirname, resolve } from 'node:path'; L3: import { spawnSync } from 'node:child_process'; L4: import { ... L191: backend: 'local', L192: command: process.env.SHELL || 'bash', L193: args: ['-lc', `echo "goodvibes sandbox ${profile.id}: ${label}"`], ... L207: readonly status: number | null; L208: readonly stdout: string; L209: readonly stderr: string; ... L367: const authorizedKeys = publicKey L368: ? ` ssh_authorized_keys:\n - ${publicKey}\n` L369: : ' # Generate keys/goodvibes_qemu_ed25519.pub before rebuilding nocloud.iso.\n';
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

src/runtime/sandbox-public-gaps.tsView on unpkg · L2
scripts/check-bun.shView file
path = scripts/check-bun.sh kind = build_helper sizeBytes = 461 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/check-bun.shView on unpkg
src/input/commands/platform-sandbox-qemu.tsView file
matchType = normalized_sha256 matchedPackage = @pellux/goodvibes-tui@0.29.0 matchedPath = src/input/commands/platform-sandbox-qemu.ts matchedIdentity = npm:QHBlbGx1eC9nb29kdmliZXMtdHVp:0.29.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/input/commands/platform-sandbox-qemu.tsView on unpkg
src/cli/completions/generate.tsView file
matchType = normalized_sha256 matchedPackage = @pellux/goodvibes-tui@0.29.0 matchedPath = src/cli/completions/generate.ts matchedIdentity = npm:QHBlbGx1eC9nb29kdmliZXMtdHVp:0.29.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/cli/completions/generate.tsView on unpkg
src/cli/help.tsView file
matchType = normalized_sha256 matchedPackage = @pellux/goodvibes-tui@0.29.0 matchedPath = src/cli/help.ts matchedIdentity = npm:QHBlbGx1eC9nb29kdmliZXMtdHVp:0.29.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/cli/help.tsView on unpkg
src/runtime/sandbox-qemu-templates.tsView file
matchType = normalized_sha256 matchedPackage = @pellux/goodvibes-tui@0.29.0 matchedPath = src/runtime/sandbox-qemu-templates.ts matchedIdentity = npm:QHBlbGx1eC9nb29kdmliZXMtdHVp:0.29.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/runtime/sandbox-qemu-templates.tsView on unpkg
src/panels/builtin-modals.tsView file
212patternName = generic_password severity = medium line = 212 matchedText = if (line...m();
Medium
Secret Pattern

Hardcoded password in src/panels/builtin-modals.ts

src/panels/builtin-modals.tsView on unpkg · L212
src/runtime/onboarding/apply.tsView file
91patternName = generic_password severity = medium line = 91 matchedText = if (line...th);
Medium
Secret Pattern

Hardcoded password in src/runtime/onboarding/apply.ts

src/runtime/onboarding/apply.tsView on unpkg · L91
src/daemon/cli.tsView file
73patternName = generic_password severity = medium line = 73 matchedText = return l...m();
Medium
Secret Pattern

Hardcoded password in src/daemon/cli.ts

src/daemon/cli.tsView on unpkg · L73

Findings

1 Critical9 High11 Medium4 Low
CriticalPersistence Backdoorsrc/runtime/sandbox-public-gaps.ts
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/launcher-support.js
HighShell
HighSame File Env Network Executionsrc/verification/live-verifier.ts
HighKnown Malware Source Similaritybin/launcher-support.js
HighKnown Malware Source Similaritysrc/input/commands/platform-sandbox-qemu.ts
HighKnown Malware Source Similaritysrc/cli/completions/generate.ts
HighKnown Malware Source Similaritysrc/cli/help.ts
HighKnown Malware Source Similaritysrc/runtime/sandbox-qemu-templates.ts
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumSecret Patternsrc/panels/modals/pairing-modal.ts
MediumDynamic Requiresrc/input/commands/hooks-runtime.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/check-bun.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternsrc/panels/builtin-modals.ts
MediumSecret Patternsrc/runtime/onboarding/apply.ts
MediumSecret Patternsrc/daemon/cli.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings