registry  /  @riftydev/shell  /  0.2.0

@riftydev/shell@0.2.0

Tiny bash-flavoured shell for rifty, backed by @riftydev/vfs.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. This is an interactive virtual shell whose file, Git, and optional binary-execution capabilities require explicit runtime commands and host configuration.

Static reason
One or more suspicious static signals were detected.
Trigger
Consumer constructs `Shell` and runs a command; `.bin` execution additionally requires a host-provided `execBin`.
Impact
Can alter the configured virtual filesystem or contact a user-specified Git remote, consistent with package purpose.
Mechanism
User-directed virtual shell and Git command dispatch.
Rationale
Static inspection shows a purpose-aligned browser/virtual shell, not unsolicited payload execution. Scanner network and secret signals map to Git-shell functionality and ordinary token parsing rather than exfiltration or embedded secrets.
Evidence
package.jsondist/index.jsdist/index.d.tsREADME.md

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/index.js` exposes an injected `execBin` callback for user-invoked `.bin` commands.
  • `dist/index.js` supports user-requested Git fetch/pull/push, including URL-like remotes.
  • Built-in shell commands can modify the configured virtual filesystem.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • `dist/index.js` imports only `@riftydev` modules; no `child_process`, `eval`, `Function`, dynamic import, or network API is present.
  • The executor is host-supplied and only reached after an explicit shell command resolves a `.bin` shim.
  • No credential harvesting, external endpoint, persistence, AI-agent configuration write, or stealth import-time action was found.
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 180 KB of source

Source & flagged code

1 flagged · loading source
dist/index.jsView file
3700patternName = generic_password severity = medium line = 3700 matchedText = pwd: "pr...ry",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/index.jsView on unpkg · L3700

Findings

2 Medium3 Low
MediumSecret Patterndist/index.js
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings