registry  /  @saulwade/swl-ses  /  2.4.3

@saulwade/swl-ses@2.4.3

Sistema de ingenieria de software auto-evolutivo multi-runtime polyglot con 60 agentes, 182 habilidades, 45 comandos, 77 reglas y 49 hooks. Soporta 11 lenguajes y 7 runtimes: Claude Code, OpenClaude, OpenCode, Gemini CLI, Cursor, Codex CLI (soporte comple

AI Security Review

scanned 7d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time malicious behavior was confirmed. The package is an AI-agent platform extension installer with broad user-invoked writes to Claude/Codex/Cursor/OpenCode/Gemini control surfaces and optional MCP/hooks/Telegram capabilities.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit CLI use such as npx swl-ses install, init, --with-mcp, or notification setup
Impact
Can add package-supplied instructions, skills, hooks, MCP config, and notification hooks to project or user AI runtime directories when the user runs installer commands.
Mechanism
user-invoked AI runtime extension and hook registration
Policy narrative
The package does not abuse npm postinstall: installation only prints a message. Risk comes from the product’s intended installer, which can place agents, skills, rules, hooks, generated AGENTS/CLAUDE-style instructions, and optional MCP/Telegram integration into AI runtime config directories. Those writes are explicit CLI-driven and mostly scoped to selected runtimes, so this is an agent extension lifecycle risk rather than confirmed malware.
Rationale
Source inspection supports a warn-level verdict: powerful AI-agent control-surface mutation exists, but it is package-aligned and activated by explicit CLI commands, not by npm lifecycle execution. No concrete credential exfiltration, hidden persistence, destructive behavior, or unconsented foreign agent hijack was confirmed.
Evidence
package.jsonbin/swl-ses.jsscripts/instalador.jsscripts/lib/hooks-settings.jsscripts/lib/transformadores/codex.jsscripts/lib/transformadores/cursor.jsscripts/lib/notificaciones-telegram.jsmanifiestos/hooks-config.jsonhooks/escaneo-secretos.jshooks/calidad-typescript.js.claude/settings.json.claude/agents/*.claude/skills/*.claude/commands/swl/*.claude/rules/*.codex/hooks.json.codex/AGENTS.md~/.codex/config.toml.cursor/mcp.json~/.claude/notifications/.env~/.claude/hooks/*.agents/skills/*
Network endpoints3
api.telegram.orgregistry.npmjs.org/api.github.com

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • User-invoked install copies agents/skills/hooks into AI runtimes and registers hooks in project settings via scripts/instalador.js and scripts/lib/hooks-settings.js.
  • Codex/Cursor transformers can write AGENTS.md, hooks.json, .cursor/mcp.json, and ~/.codex/config.toml when install targets those runtimes.
  • Hooks include blocking PreToolUse and broad PostToolUse/Stop/UserPromptSubmit behavior from manifiestos/hooks-config.json.
  • Optional Telegram flow writes ~/.claude/notifications/.env and global notification hooks after explicit opt-in.
Evidence against
  • package.json postinstall only echoes installation instructions; no lifecycle code executes installer or mutates agent config.
  • CLI dispatch in bin/swl-ses.js requires explicit commands such as install/init/update before writes occur.
  • MCP registration is gated by --with-mcp and Telegram credentials by interactive/headless opt-in.
  • Network use found is package-aligned: Telegram notifications, npm version checks, GitHub/registry tooling, webhook server; no credential harvesting/exfiltration path confirmed.
  • Secret scanner finding is detection regex source in hooks/escaneo-secretos.js, not an embedded secret.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 342 file(s), 2.82 MB of source, external domains: api.github.com, cli.github.com, docs.github.com, evil.example.com, github.com, npm.pkg.github.com, registry.npmjs.org, t.me

Source & flagged code

19 flagged · loading source
package.jsonView file
scripts.postinstall = echo ' swl-software-engineering-system instalado. Ejecuta: npx swl-ses init '
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
hooks/escaneo-secretos.jsView file
65patternName = aws_access_key severity = critical line = 65 matchedText = // AKIAI...X...
Critical
Critical Secret

Package contains a critical-looking secret pattern.

hooks/escaneo-secretos.jsView on unpkg · L65
65patternName = aws_access_key severity = critical line = 65 matchedText = // AKIAI...X...
Critical
Secret Pattern

AWS access key ID in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L65
78patternName = private_key_rsa severity = critical line = 78 matchedText = // -----...----
Critical
Secret Pattern

RSA private key in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L78
78patternName = private_key_openssh severity = critical line = 78 matchedText = // -----...----
Critical
Secret Pattern

OpenSSH private key in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L78
habilidades/changelog-generator/scripts/parse-commits.jsView file
36L37: const { execSync } = require('node:child_process'); L38:
High
Child Process

Package source references child process execution.

habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L36
26* Uso programático: L27: * const { parsearCommits, generarChangelog } = require('./parse-commits'); L28: * const { categorias, conformidad } = parsearCommits(commits);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L26
hooks/lib/sync-status.jsView file
1'use strict'; L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

hooks/lib/sync-status.jsView on unpkg · L1
scripts/lib/autostart-macos.jsView file
8* Solo LaunchAgents (nivel usuario, sin privilegios de sistema). L9: * - NUNCA hardcodea rutas absolutas. Resuelve bin/ con __dirname en runtime. L10: * - NUNCA incluye credenciales en el plist — las credenciales viven en .env. L11: * - Solo opera en process.platform === 'darwin'. Otros OS reciben error explícito. L12: * L13: * Rollback manual (si algo sale mal): L14: * launchctl unload -w ~/Library/LaunchAgents/com.swl.telegram-bot.plist L15: * rm ~/Library/LaunchAgents/com.swl.telegram-bot.plist ... L19: L20: const { execFileSync } = require('node:child_process'); L21: const path = require('node:path'); ... L50: } catch (_) {}
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

scripts/lib/autostart-macos.jsView on unpkg · L8
hooks/calidad-typescript.jsView file
305try { L306: execSync('npx tsc --noEmit 2>&1', { L307: cwd: CWD, encoding: 'utf8', stdio: ['pipe','pipe','pipe'], timeout: 60_000,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

hooks/calidad-typescript.jsView on unpkg · L305
habilidades/validacion-ci-sistema/scripts/validar-sistema.shView file
path = habilidades/validacion-ci-sistema/scripts/validar-sistema.sh kind = build_helper sizeBytes = 13731 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

habilidades/validacion-ci-sistema/scripts/validar-sistema.shView on unpkg
hooks/calidad-pre-commit.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @saulwade/swl-ses@2.3.0 matchedIdentity = npm:QHNhdWx3YWRlL3N3bC1zZXM:2.3.0 similarity = 0.842 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

hooks/calidad-pre-commit.jsView on unpkg
habilidades/nestjs-experto/recursos/testing-nestjs.mdView file
52patternName = generic_password severity = medium line = 52 matchedText = password...34',
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L52
72patternName = generic_password severity = medium line = 72 matchedText = service.... }),
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L72
131patternName = generic_password severity = medium line = 131 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L131
240patternName = generic_password severity = medium line = 240 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L240
254patternName = generic_password severity = medium line = 254 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L254
261patternName = generic_password severity = medium line = 261 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L261
habilidades/gcp-cloud/SKILL.mdView file
100patternName = generic_password severity = medium line = 100 matchedText = password...ña",
Medium
Secret Pattern

Hardcoded password in habilidades/gcp-cloud/SKILL.md

habilidades/gcp-cloud/SKILL.mdView on unpkg · L100

Findings

5 Critical4 High13 Medium6 Low
CriticalCritical Secrethooks/escaneo-secretos.js
CriticalPrevious Version Dangerous Deltahooks/calidad-pre-commit.js
CriticalSecret Patternhooks/escaneo-secretos.js
CriticalSecret Patternhooks/escaneo-secretos.js
CriticalSecret Patternhooks/escaneo-secretos.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processhabilidades/changelog-generator/scripts/parse-commits.js
HighShell
HighRuntime Package Installhooks/calidad-typescript.js
MediumDynamic Requirehabilidades/changelog-generator/scripts/parse-commits.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencescripts/lib/autostart-macos.js
MediumShips Build Helperhabilidades/validacion-ci-sistema/scripts/validar-sistema.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/gcp-cloud/SKILL.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptohooks/lib/sync-status.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings