registry  /  @skyforgeai/skyforge-darwin-x64-baseline  /  3.8.1

@skyforgeai/skyforge-darwin-x64-baseline@3.8.1

SkyForge binary for darwin x64

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The bundled MCP server is activated by explicit user execution and makes authenticated requests only to a configured ServiceNow instance.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly runs `skyforge` or a bundled MCP server.
Impact
Can perform the ServiceNow operations requested through its MCP tools with the user's configured permissions.
Mechanism
User-invoked ServiceNow MCP automation using local configured credentials.
Rationale
Static inspection found no install-time execution, credential exfiltration endpoint, remote payload execution, persistence, or destructive behavior. The scanner findings primarily reflect bundled dependencies and an intentionally capable, user-invoked ServiceNow MCP client.
Evidence
package.jsonmcp/nexus.jsmcp/nexus-http.jspackages/app/dist/assets/session-eRe7mVtg.jsbin/sky-code

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json has no lifecycle scripts.
    • bin/sky-code is the only npm entrypoint and is a Mach-O executable.
    • mcp/nexus.js is an explicitly launched MCP server for configured ServiceNow APIs.
    • mcp/nexus.js reads local SkyForge/OpenCode auth config only to authenticate configured ServiceNow requests.
    • Dynamic Function/eval-like matches are bundled validator/tool analysis code; no remote decode-and-execute chain was confirmed.
    • session-eRe7mVtg.js bidi match is UI text formatting, not hidden source behavior.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
    Supply chain
    HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 532 file(s), 23.7 MB of source, external domains: api.external.com, cdn.jsdelivr.net, cdnjs.cloudflare.com, company.atlassian.net, dev351277.service-now.com, dotenvx.com, github.com, goo.gl, json-schema.org, mermaid.live, oauth.provider.com, opencode.ai, openoffice.org, opensource.org, purl.oclc.org, purl.org, raw.githubusercontent.com, schemas.microsoft.com, schemas.openxmlformats.org, schemas.zwobble.org, sheetjs.com, sheetjs.openxmlformats.org, skyforgeai.app, skyforgeai.gitbook.io, stuk.github.io, www.npmjs.com, www.w3.org, your-instance.service-now.com
    Oversized source lightweight scan
    mcp/nexus-http.js3.22 MB file, sampled 256 KB
    FilesystemNetworkEnvironmentVarsHighEntropyStringsUrlStringsapi.external.comcompany.atlassian.netdev351277.service-now.comgithub.comskyforgeai.gitbook.io

    Source & flagged code

    11 flagged · loading source
    packages/app/dist/assets/cobol-nwyudZeR.jsView file
    1import e from"./html-GMplVEZG.js";import n from"./java-CylS5w8V.js";import"./javascript-wDzz0qaB.js";import"./css-DPfMkruS.js";const t=Object.freeze(JSON.parse(`{"displayName":"COB...
    High
    Child Process

    Package source references child process execution.

    packages/app/dist/assets/cobol-nwyudZeR.jsView on unpkg · L1
    mcp/nexus.jsView file
    2import{createRequire as Xc}from"node:module";var ip=Object.create;var{getPrototypeOf:np,defineProperty:pY,getOwnPropertyNames:lp}=Object;var op=Object.prototype.hasOwnProperty;func... L3: `:""},this._extScope=X,this._scope=new O4.Scope({parent:X}),this._nodes=[new UB]}toString(){return this._root.render(this.opts)}name(X){return this._scope.name(X)}scopeName(X){retu... L4: || (${Q} == "string" && ${z} && ${z} == +${z})`).assign(G,x0._`+${z}`);return;case"integer":$.elseIf(x0._`${Q} === "boolean" || ${z} === null L5: || (${Q} === "string" && ${z} && ${z} == +${z} && !(${z} % 1))`).assign(G,x0._`+${z}`);return;case"boolean":$.elseIf(x0._`${z} === "false" || ${z} === 0 || ${z} === null`).assign(G... L6: || ${Q} === "boolean" || ${z} === null`).assign(G,x0._`[${z}]`)}}}function zo({gen:X,parentData:Y,parentDataProperty:J},$){X.if(x0._`${Y} !== undefined`,()=>X.assign(x0._`${Y}[${J}... L7: missingProperty: ${$}, ... L14: */var H9=Jq(),I10=z0("path").extname,$q=/^\s*([^;\s]*)(?:;|\s|$)/,v10=/^text\//i;k10.charset=zq;k10.charsets={lookup:zq};k10.contentType=j10;k10.extension=C10;k10.extensions=Object... L15: `;j0.DEFAULT_CONTENT_TYPE="application/octet-stream";j0.prototype.append=func
    Critical
    Remote Asset Decode Execute

    Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

    mcp/nexus.jsView on unpkg · L2
    50`);let $;while(($=jW0.exec(J))!=null){let z=$[1],Z=$[2]||"";Z=Z.trim();let Q=Z[0];if(Z=Z.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),Q==='"')Z=Z.replace(/\\n/g,` L51: `),Z=Z.replace(/\\r/g,"\r");Y[z]=Z}return Y}function EW0(X){X=X||{};let Y=up(X);X.path=Y;let J=W1.configDotenv(X);if(!J.parsed){let Q=Error(`MISSING_DATA: Cannot parse ${Y} for an ... L52: `).filter((Z)=>Z),$=Math.min(...J.map((Z)=>Z.length-Z.trimStart().length)),z=J.map((Z)=>Z.slice($)).map((Z)=>" ".repeat(this.indent*2)+Z);for(let Z of z)this.content.push(Z)}compil...
    High
    Eval

    Package source references dynamic code evaluation.

    mcp/nexus.jsView on unpkg · L50
    42${w}`;return N.pop(),`{${D}}`}case"number":return isFinite(O)?String(O):Y?Y(O):"null";case"boolean":return O===!0?"true":"false";case"undefined":return;case"bigint":if($)return Str... L43: `))}},forFunctions(X,Y,J){J.forEach(($)=>{X[$]=i$0.warn[Y]($)})},forProperties(X,Y,J){J.forEach(($)=>{let z=i$0.warn[Y]($);Object.defineProperty(X,$,{get:z,set:z})})}}});var Kh=f((... L44: `))};x3.prototype.close=function(){if(this.transport.close)this.transport.close();if(this.transport.__winstonError)this.transport.removeListener("error",this.transport.__winstonErr... L45: `).slice(1);return J.map(function($){if($.match(/^\s*[-]{4,}$/))return Y._createParsedCallSite({fileName:$,lineNumber:null,functionName:null,typeName:null,methodName:null,columnNum... ... L50: `);let $;while(($=jW0.exec(J))!=null){let z=$[1],Z=$[2]||"";Z=Z.trim();let Q=Z[0];if(Z=Z.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),Q==='"')Z=Z.replace(/\\n/g,` L51: `),Z=Z.replace(/\\r/g,"\r");Y[z]=Z}return Y}function EW0(X){X=X||{};let Y=up(X);X.path=Y;let J=W1.configDotenv(X);if(!J.parsed){let Q=Error(`MISSING_DATA: Cannot parse ${Y} for an ... L52: `).filter((Z)=>Z),$=Math.min(...J.map((Z)=>Z.length-Z.trimStart().length)),z=J.map((
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    mcp/nexus.jsView on unpkg · L42
    2import{createRequire as Xc}from"node:module";var ip=Object.create;var{getPrototypeOf:np,defineProperty:pY,getOwnPropertyNames:lp}=Object;var op=Object.prototype.hasOwnProperty;func... L3: `:""},this._extScope=X,this._scope=new O4.Scope({parent:X}),this._nodes=[new UB]}toString(){return this._root.render(this.opts)}name(X){return this._scope.name(X)}scopeName(X){retu... L4: || (${Q} == "string" && ${z} && ${z} == +${z})`).assign(G,x0._`+${z}`);return;case"integer":$.elseIf(x0._`${Q} === "boolean" || ${z} === null L5: || (${Q} === "string" && ${z} && ${z} == +${z} && !(${z} % 1))`).assign(G,x0._`+${z}`);return;case"boolean":$.elseIf(x0._`${z} === "false" || ${z} === 0 || ${z} === null`).assign(G... L6: || ${Q} === "boolean" || ${z} === null`).assign(G,x0._`[${z}]`)}}}function zo({gen:X,parentData:Y,parentDataProperty:J},$){X.if(x0._`${Y} !== undefined`,()=>X.assign(x0._`${Y}[${J}... L7: missingProperty: ${$}, ... L14: */var H9=Jq(),I10=z0("path").extname,$q=/^\s*([^;\s]*)(?:;|\s|$)/,v10=/^text\//i;k10.charset=zq;k10.charsets={lookup:zq};k10.contentType=j10;k10.extension=C10;k10.extensions=Object... L15: `;j0.DEFAULT_CONTENT_TYPE="application/octet-stream";j0.prototype.append=func
    High
    Obfuscated Payload Loader

    Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

    mcp/nexus.jsView on unpkg · L2
    5|| (${Q} === "string" && ${z} && ${z} == +${z} && !(${z} % 1))`).assign(G,x0._`+${z}`);return;case"boolean":$.elseIf(x0._`${z} === "false" || ${z} === 0 || ${z} === null`).assign(G... L6: || ${Q} === "boolean" || ${z} === null`).assign(G,x0._`[${z}]`)}}}function zo({gen:X,parentData:Y,parentDataProperty:J},$){X.if(x0._`${Y} !== undefined`,()=>X.assign(x0._`${Y}[${J}... L7: missingProperty: ${$},
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    mcp/nexus.jsView on unpkg · L5
    packages/app/dist/assets/session-eRe7mVtg.jsView file
    40contains invisible/control Unicode U+202A (left-to-right embedding) \`\`\``}})),r}}))}});en.register({name:"edit",render(e){const n=Ct(),r=$o(),i=E(()=>Hp(e.metadata.diagnostics,e.input.filePath)),t=()=>qt(e.input.filePath??"");return s(Vt,ke(e,{icon:"code-lines",get trigger(){return(()=>{var o=zk(),a=o.fir
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    packages/app/dist/assets/session-eRe7mVtg.jsView on unpkg · L40
    bin/sky-codeView file
    path = bin/sky-code kind = native_binary sizeBytes = 133797648 magicHex = [redacted]
    Medium
    Ships Native Binary

    Package ships native binary artifacts.

    bin/sky-codeView on unpkg
    packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
    path = packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
    mcp/nexus-http.jsView file
    path = mcp/nexus-http.js kind = oversized_source_file sizeBytes = 3377202 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.

    mcp/nexus-http.jsView on unpkg
    path = mcp/nexus-http.js kind = oversized_cli_entrypoint sizeBytes = 3377202 magicHex = [redacted]
    Medium
    Oversized Cli Entrypoint

    Package contains an oversized executable-looking CLI entrypoint.

    mcp/nexus-http.jsView on unpkg

    Findings

    2 Critical7 High6 Medium5 Low
    CriticalRemote Asset Decode Executemcp/nexus.js
    CriticalTrojan Source Unicodepackages/app/dist/assets/session-eRe7mVtg.js
    HighChild Processpackages/app/dist/assets/cobol-nwyudZeR.js
    HighShell
    HighEvalmcp/nexus.js
    HighSame File Env Network Executionmcp/nexus.js
    HighObfuscated Payload Loadermcp/nexus.js
    HighShips High Entropy Blobpackages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
    HighOversized Source Filemcp/nexus-http.js
    MediumDynamic Requiremcp/nexus.js
    MediumNetwork
    MediumEnvironment Vars
    MediumShips Native Binarybin/sky-code
    MediumOversized Cli Entrypointmcp/nexus-http.js
    MediumStructural Risk Force Deep Review
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings