registry  /  @skyforgeai/skyforge-darwin-arm64  /  3.9.2

@skyforgeai/skyforge-darwin-arm64@3.9.2

SkyForge binary for darwin arm64

AI Security Review

scanned 2h ago · by lpm-firewall-ai

User-launched SkyForge MCP services can read local SkyForge/OpenCode credentials and perform authenticated operations against a configured ServiceNow instance. They also expose agent-facing tool discovery/execution and write first-party SkyForge state.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `skyforge`/`sky-code` or launches the bundled MCP service.
Impact
A user-authorized but high-privilege ServiceNow session could create or modify remote instance artifacts; no install-time compromise was confirmed.
Mechanism
Authenticated ServiceNow MCP automation with local credential and state handling.
Rationale
No concrete malicious installation or theft chain was established, so a publish block is not justified. Its credential-backed agent automation and remote ServiceNow execution capability warrant a warning classification.
Evidence
package.jsonbin/sky-codemcp/nexus.jsmcp/nexus-http.js~/.skyforge/skyforge-metrics.log~/.skyforge/.token-cache-saltINSTANCE.md

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `mcp/nexus-http.js` reads SkyForge/OpenCode `auth.json` credentials and uses them for authenticated ServiceNow API access.
  • `mcp/nexus-http.js` embeds agent instructions that require silent tool discovery and exposes tool-execution workflows.
  • `mcp/nexus-http.js` persists encrypted token-cache material, session state, and `.skyforge/skyforge-metrics.log`.
  • The bundled native `bin/sky-code` is a large executable with strings indicating agent/project editing and package-management capabilities.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle script.
  • Entrypoints are explicit user-invoked binaries: `bin/sky-code`, `mcp/nexus.js`, and `mcp/nexus-http.js`.
  • No concrete package-controlled remote host or silent exfiltration path was found; ServiceNow targets come from supplied credentials/configuration.
  • The reported dynamic evaluation is consistent with bundled validation/template code; no fetched payload decoded and executed was confirmed.
  • No Node child-process execution primitive was found in the inspected MCP sources.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 533 file(s), 23.7 MB of source, external domains: api.external.com, cdn.jsdelivr.net, cdnjs.cloudflare.com, company.atlassian.net, dev351277.service-now.com, dotenvx.com, github.com, goo.gl, json-schema.org, mermaid.live, oauth.provider.com, openoffice.org, opensource.org, purl.oclc.org, purl.org, raw.githubusercontent.com, schemas.microsoft.com, schemas.openxmlformats.org, schemas.zwobble.org, sheetjs.com, sheetjs.openxmlformats.org, skyforgeai.app, skyforgeai.gitbook.io, stuk.github.io, www.npmjs.com, www.w3.org, your-instance.service-now.com
Oversized source lightweight scan
mcp/nexus-http.js3.28 MB file, sampled 256 KB
FilesystemNetworkEnvironmentVarsHighEntropyStringsUrlStringsapi.external.comcompany.atlassian.netdev351277.service-now.comgithub.comskyforgeai.gitbook.io

Source & flagged code

11 flagged · loading source
packages/app/dist/assets/cobol-nwyudZeR.jsView file
1import e from"./html-GMplVEZG.js";import n from"./java-CylS5w8V.js";import"./javascript-wDzz0qaB.js";import"./css-DPfMkruS.js";const t=Object.freeze(JSON.parse(`{"displayName":"COB...
High
Child Process

Package source references child process execution.

packages/app/dist/assets/cobol-nwyudZeR.jsView on unpkg · L1
mcp/nexus.jsView file
2import{createRequire as Zc}from"node:module";var ap=Object.create;var{getPrototypeOf:sp,defineProperty:nY,getOwnPropertyNames:rp}=Object;var tp=Object.prototype.hasOwnProperty;func... L3: `:""},this._extScope=X,this._scope=new N4.Scope({parent:X}),this._nodes=[new MB]}toString(){return this._root.render(this.opts)}name(X){return this._scope.name(X)}scopeName(X){retu... L4: || (${G} == "string" && ${Z} && ${Z} == +${Z})`).assign(z,w0._`+${Z}`);return;case"integer":$.elseIf(w0._`${G} === "boolean" || ${Z} === null L5: || (${G} === "string" && ${Z} && ${Z} == +${Z} && !(${Z} % 1))`).assign(z,w0._`+${Z}`);return;case"boolean":$.elseIf(w0._`${Z} === "false" || ${Z} === 0 || ${Z} === null`).assign(z... L6: || ${G} === "boolean" || ${Z} === null`).assign(z,w0._`[${Z}]`)}}}function Ko({gen:X,parentData:Y,parentDataProperty:J},$){X.if(w0._`${Y} !== undefined`,()=>X.assign(w0._`${Y}[${J}... L7: missingProperty: ${$}, ... L14: */var V9=Gq(),p10=G0("path").extname,zq=/^\s*([^;\s]*)(?:;|\s|$)/,c10=/^text\//i;o10.charset=Kq;o10.charsets={lookup:Kq};o10.contentType=d10;o10.extension=i10;o10.extensions=Object... L15: `;S0.DEFAULT_CONTENT_TYPE="application/octet-stream";S0.prototype.append=func
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

mcp/nexus.jsView on unpkg · L2
50`);let $;while(($=nH0.exec(J))!=null){let Z=$[1],Q=$[2]||"";Q=Q.trim();let G=Q[0];if(Q=Q.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),G==='"')Q=Q.replace(/\\n/g,` L51: `),Q=Q.replace(/\\r/g,"\r");Y[Z]=Q}return Y}function oH0(X){X=X||{};let Y=dp(X);X.path=Y;let J=V1.configDotenv(X);if(!J.parsed){let G=Error(`MISSING_DATA: Cannot parse ${Y} for an ... L52: `).filter((Q)=>Q),$=Math.min(...J.map((Q)=>Q.length-Q.trimStart().length)),Z=J.map((Q)=>Q.slice($)).map((Q)=>" ".repeat(this.indent*2)+Q);for(let Q of Z)this.content.push(Q)}compil...
High
Eval

Package source references dynamic code evaluation.

mcp/nexus.jsView on unpkg · L50
42${w}`;return N.pop(),`{${D}}`}case"number":return isFinite(M)?String(M):Y?Y(M):"null";case"boolean":return M===!0?"true":"false";case"undefined":return;case"bigint":if($)return Str... L43: `))}},forFunctions(X,Y,J){J.forEach(($)=>{X[$]=KZ0.warn[Y]($)})},forProperties(X,Y,J){J.forEach(($)=>{let Z=KZ0.warn[Y]($);Object.defineProperty(X,$,{get:Z,set:Z})})}}});var Bh=f((... L44: `))};wX.prototype.close=function(){if(this.transport.close)this.transport.close();if(this.transport.__winstonError)this.transport.removeListener("error",this.transport.__winstonErr... L45: `).slice(1);return J.map(function($){if($.match(/^\s*[-]{4,}$/))return Y._createParsedCallSite({fileName:$,lineNumber:null,functionName:null,typeName:null,methodName:null,columnNum... ... L50: `);let $;while(($=nH0.exec(J))!=null){let Z=$[1],Q=$[2]||"";Q=Q.trim();let G=Q[0];if(Q=Q.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),G==='"')Q=Q.replace(/\\n/g,` L51: `),Q=Q.replace(/\\r/g,"\r");Y[Z]=Q}return Y}function oH0(X){X=X||{};let Y=dp(X);X.path=Y;let J=V1.configDotenv(X);if(!J.parsed){let G=Error(`MISSING_DATA: Cannot parse ${Y} for an ... L52: `).filter((Q)=>Q),$=Math.min(...J.map((Q)=>Q.length-Q.trimStart().length)),Z=J.map((
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

mcp/nexus.jsView on unpkg · L42
2import{createRequire as Zc}from"node:module";var ap=Object.create;var{getPrototypeOf:sp,defineProperty:nY,getOwnPropertyNames:rp}=Object;var tp=Object.prototype.hasOwnProperty;func... L3: `:""},this._extScope=X,this._scope=new N4.Scope({parent:X}),this._nodes=[new MB]}toString(){return this._root.render(this.opts)}name(X){return this._scope.name(X)}scopeName(X){retu... L4: || (${G} == "string" && ${Z} && ${Z} == +${Z})`).assign(z,w0._`+${Z}`);return;case"integer":$.elseIf(w0._`${G} === "boolean" || ${Z} === null L5: || (${G} === "string" && ${Z} && ${Z} == +${Z} && !(${Z} % 1))`).assign(z,w0._`+${Z}`);return;case"boolean":$.elseIf(w0._`${Z} === "false" || ${Z} === 0 || ${Z} === null`).assign(z... L6: || ${G} === "boolean" || ${Z} === null`).assign(z,w0._`[${Z}]`)}}}function Ko({gen:X,parentData:Y,parentDataProperty:J},$){X.if(w0._`${Y} !== undefined`,()=>X.assign(w0._`${Y}[${J}... L7: missingProperty: ${$}, ... L14: */var V9=Gq(),p10=G0("path").extname,zq=/^\s*([^;\s]*)(?:;|\s|$)/,c10=/^text\//i;o10.charset=Kq;o10.charsets={lookup:Kq};o10.contentType=d10;o10.extension=i10;o10.extensions=Object... L15: `;S0.DEFAULT_CONTENT_TYPE="application/octet-stream";S0.prototype.append=func
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

mcp/nexus.jsView on unpkg · L2
5|| (${G} === "string" && ${Z} && ${Z} == +${Z} && !(${Z} % 1))`).assign(z,w0._`+${Z}`);return;case"boolean":$.elseIf(w0._`${Z} === "false" || ${Z} === 0 || ${Z} === null`).assign(z... L6: || ${G} === "boolean" || ${Z} === null`).assign(z,w0._`[${Z}]`)}}}function Ko({gen:X,parentData:Y,parentDataProperty:J},$){X.if(w0._`${Y} !== undefined`,()=>X.assign(w0._`${Y}[${J}... L7: missingProperty: ${$},
Medium
Dynamic Require

Package source references dynamic require/import behavior.

mcp/nexus.jsView on unpkg · L5
packages/app/dist/assets/session-CnjZjtJn.jsView file
39contains invisible/control Unicode U+202A (left-to-right embedding) \`\`\``}})),r}}))}});Lt.register({name:"edit",render(e){const n=ht(),r=Ji(),i=z(()=>Wg(e.metadata.diagnostics,e.input.filePath)),t=()=>Dt(e.input.filePath??"");return s(jt,ve(e,{icon:"code-lines",get trigger(){return(()=>{var o=Rw(),a=o.fir
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

packages/app/dist/assets/session-CnjZjtJn.jsView on unpkg · L39
bin/sky-codeView file
path = bin/sky-code kind = native_binary sizeBytes = 128412800 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/sky-codeView on unpkg
packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
path = packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
mcp/nexus-http.jsView file
path = mcp/nexus-http.js kind = oversized_source_file sizeBytes = 3437972 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

mcp/nexus-http.jsView on unpkg
path = mcp/nexus-http.js kind = oversized_cli_entrypoint sizeBytes = 3437972 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

mcp/nexus-http.jsView on unpkg

Findings

2 Critical7 High6 Medium5 Low
CriticalRemote Asset Decode Executemcp/nexus.js
CriticalTrojan Source Unicodepackages/app/dist/assets/session-CnjZjtJn.js
HighChild Processpackages/app/dist/assets/cobol-nwyudZeR.js
HighShell
HighEvalmcp/nexus.js
HighSame File Env Network Executionmcp/nexus.js
HighObfuscated Payload Loadermcp/nexus.js
HighShips High Entropy Blobpackages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
HighOversized Source Filemcp/nexus-http.js
MediumDynamic Requiremcp/nexus.js
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarybin/sky-code
MediumOversized Cli Entrypointmcp/nexus-http.js
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings