registry  /  @skyforgeai/skyforge-darwin-x64  /  3.8.0

@skyforgeai/skyforge-darwin-x64@3.8.0

SkyForge binary for darwin x64

AI Security Review

scanned 14h ago · by lpm-firewall-ai

No install-time execution or confirmed malicious chain was found. MCP components run only through explicit CLI/server use and include local state/report writes consistent with the product.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User invokes the skyforge CLI or starts its MCP server.
Impact
No confirmed credential harvesting, remote payload execution, persistence, destructive action, or unconsented agent-control mutation.
Mechanism
User-invoked native CLI and local MCP service.
Rationale
Direct inspection contradicts the scanner's remote-decode-execute implication: the flagged dynamic-code primitives are bundled library internals, and the observed fetch path is local server routing. No lifecycle hook or concrete malicious behavior was established.
Evidence
package.jsonbin/sky-codemcp/nexus.jsmcp/nexus-http.jspackages/app/dist/assets/session-eRe7mVtg.js

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks.
    • package.json exposes only explicit skyforge/sky-code binaries.
    • mcp/nexus.js eval/new Function matches bundled validator/codegen internals, not downloaded payload execution.
    • mcp/nexus-http.js fetch usage is local HTTP request routing.
    • mcp/nexus.js writes tool exports, reports, sessions, and local SkyForge data during user-invoked MCP use.
    • bin/sky-code is a Mach-O executable; no source evidence tied it to persistence or exfiltration.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
    Supply chain
    HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 532 file(s), 23.7 MB of source, external domains: api.external.com, cdn.jsdelivr.net, cdnjs.cloudflare.com, company.atlassian.net, dev351277.service-now.com, dotenvx.com, github.com, goo.gl, json-schema.org, mermaid.live, oauth.provider.com, opencode.ai, openoffice.org, opensource.org, purl.oclc.org, purl.org, raw.githubusercontent.com, schemas.microsoft.com, schemas.openxmlformats.org, schemas.zwobble.org, sheetjs.com, sheetjs.openxmlformats.org, skyforgeai.app, skyforgeai.gitbook.io, stuk.github.io, www.npmjs.com, www.w3.org, your-instance.service-now.com
    Oversized source lightweight scan
    mcp/nexus-http.js3.20 MB file, sampled 256 KB
    FilesystemNetworkEnvironmentVarsHighEntropyStringsUrlStringsapi.external.comcompany.atlassian.netdev351277.service-now.comgithub.comskyforgeai.gitbook.io

    Source & flagged code

    11 flagged · loading source
    packages/app/dist/assets/cobol-nwyudZeR.jsView file
    1import e from"./html-GMplVEZG.js";import n from"./java-CylS5w8V.js";import"./javascript-wDzz0qaB.js";import"./css-DPfMkruS.js";const t=Object.freeze(JSON.parse(`{"displayName":"COB...
    High
    Child Process

    Package source references child process execution.

    packages/app/dist/assets/cobol-nwyudZeR.jsView on unpkg · L1
    mcp/nexus.jsView file
    2import{createRequire as tp}from"node:module";var cp=Object.create;var{getPrototypeOf:ip,defineProperty:uY,getOwnPropertyNames:dp}=Object;var np=Object.prototype.hasOwnProperty;func... L3: `:""},this._extScope=X,this._scope=new O4.Scope({parent:X}),this._nodes=[new KB]}toString(){return this._root.render(this.opts)}name(X){return this._scope.name(X)}scopeName(X){retu... L4: || (${G} == "string" && ${z} && ${z} == +${z})`).assign(Q,x0._`+${z}`);return;case"integer":$.elseIf(x0._`${G} === "boolean" || ${z} === null L5: || (${G} === "string" && ${z} && ${z} == +${z} && !(${z} % 1))`).assign(Q,x0._`+${z}`);return;case"boolean":$.elseIf(x0._`${z} === "false" || ${z} === 0 || ${z} === null`).assign(Q... L6: || ${G} === "boolean" || ${z} === null`).assign(Q,x0._`[${z}]`)}}}function Jo({gen:X,parentData:Y,parentDataProperty:J},$){X.if(x0._`${Y} !== undefined`,()=>X.assign(x0._`${Y}[${J}... L7: missingProperty: ${$}, ... L14: */var G9=Xq(),D10=z0("path").extname,Yq=/^\s*([^;\s]*)(?:;|\s|$)/,_10=/^text\//i;E10.charset=Jq;E10.charsets={lookup:Jq};E10.contentType=I10;E10.extension=v10;E10.extensions=Object... L15: `;j0.DEFAULT_CONTENT_TYPE="application/octet-stream";j0.prototype.append=func
    Critical
    Remote Asset Decode Execute

    Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

    mcp/nexus.jsView on unpkg · L2
    50`);let $;while(($=TW0.exec(J))!=null){let z=$[1],Z=$[2]||"";Z=Z.trim();let G=Z[0];if(Z=Z.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),G==='"')Z=Z.replace(/\\n/g,` L51: `),Z=Z.replace(/\\r/g,"\r");Y[z]=Z}return Y}function _W0(X){X=X||{};let Y=mp(X);X.path=Y;let J=K1.configDotenv(X);if(!J.parsed){let G=Error(`MISSING_DATA: Cannot parse ${Y} for an ... L52: `).filter((Z)=>Z),$=Math.min(...J.map((Z)=>Z.length-Z.trimStart().length)),z=J.map((Z)=>Z.slice($)).map((Z)=>" ".repeat(this.indent*2)+Z);for(let Z of z)this.content.push(Z)}compil...
    High
    Eval

    Package source references dynamic code evaluation.

    mcp/nexus.jsView on unpkg · L50
    42${w}`;return N.pop(),`{${D}}`}case"number":return isFinite(O)?String(O):Y?Y(O):"null";case"boolean":return O===!0?"true":"false";case"undefined":return;case"bigint":if($)return Str... L43: `))}},forFunctions(X,Y,J){J.forEach(($)=>{X[$]=u$0.warn[Y]($)})},forProperties(X,Y,J){J.forEach(($)=>{let z=u$0.warn[Y]($);Object.defineProperty(X,$,{get:z,set:z})})}}});var Qh=f((... L44: `))};q3.prototype.close=function(){if(this.transport.close)this.transport.close();if(this.transport.__winstonError)this.transport.removeListener("error",this.transport.__winstonErr... L45: `).slice(1);return J.map(function($){if($.match(/^\s*[-]{4,}$/))return Y._createParsedCallSite({fileName:$,lineNumber:null,functionName:null,typeName:null,methodName:null,columnNum... ... L50: `);let $;while(($=TW0.exec(J))!=null){let z=$[1],Z=$[2]||"";Z=Z.trim();let G=Z[0];if(Z=Z.replace(/^(['"`])([\s\S]*)\1$/mg,"$2"),G==='"')Z=Z.replace(/\\n/g,` L51: `),Z=Z.replace(/\\r/g,"\r");Y[z]=Z}return Y}function _W0(X){X=X||{};let Y=mp(X);X.path=Y;let J=K1.configDotenv(X);if(!J.parsed){let G=Error(`MISSING_DATA: Cannot parse ${Y} for an ... L52: `).filter((Z)=>Z),$=Math.min(...J.map((Z)=>Z.length-Z.trimStart().length)),z=J.map((
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    mcp/nexus.jsView on unpkg · L42
    2import{createRequire as tp}from"node:module";var cp=Object.create;var{getPrototypeOf:ip,defineProperty:uY,getOwnPropertyNames:dp}=Object;var np=Object.prototype.hasOwnProperty;func... L3: `:""},this._extScope=X,this._scope=new O4.Scope({parent:X}),this._nodes=[new KB]}toString(){return this._root.render(this.opts)}name(X){return this._scope.name(X)}scopeName(X){retu... L4: || (${G} == "string" && ${z} && ${z} == +${z})`).assign(Q,x0._`+${z}`);return;case"integer":$.elseIf(x0._`${G} === "boolean" || ${z} === null L5: || (${G} === "string" && ${z} && ${z} == +${z} && !(${z} % 1))`).assign(Q,x0._`+${z}`);return;case"boolean":$.elseIf(x0._`${z} === "false" || ${z} === 0 || ${z} === null`).assign(Q... L6: || ${G} === "boolean" || ${z} === null`).assign(Q,x0._`[${z}]`)}}}function Jo({gen:X,parentData:Y,parentDataProperty:J},$){X.if(x0._`${Y} !== undefined`,()=>X.assign(x0._`${Y}[${J}... L7: missingProperty: ${$}, ... L14: */var G9=Xq(),D10=z0("path").extname,Yq=/^\s*([^;\s]*)(?:;|\s|$)/,_10=/^text\//i;E10.charset=Jq;E10.charsets={lookup:Jq};E10.contentType=I10;E10.extension=v10;E10.extensions=Object... L15: `;j0.DEFAULT_CONTENT_TYPE="application/octet-stream";j0.prototype.append=func
    High
    Obfuscated Payload Loader

    Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

    mcp/nexus.jsView on unpkg · L2
    5|| (${G} === "string" && ${z} && ${z} == +${z} && !(${z} % 1))`).assign(Q,x0._`+${z}`);return;case"boolean":$.elseIf(x0._`${z} === "false" || ${z} === 0 || ${z} === null`).assign(Q... L6: || ${G} === "boolean" || ${z} === null`).assign(Q,x0._`[${z}]`)}}}function Jo({gen:X,parentData:Y,parentDataProperty:J},$){X.if(x0._`${Y} !== undefined`,()=>X.assign(x0._`${Y}[${J}... L7: missingProperty: ${$},
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    mcp/nexus.jsView on unpkg · L5
    packages/app/dist/assets/session-eRe7mVtg.jsView file
    40contains invisible/control Unicode U+202A (left-to-right embedding) \`\`\``}})),r}}))}});en.register({name:"edit",render(e){const n=Ct(),r=$o(),i=E(()=>Hp(e.metadata.diagnostics,e.input.filePath)),t=()=>qt(e.input.filePath??"");return s(Vt,ke(e,{icon:"code-lines",get trigger(){return(()=>{var o=zk(),a=o.fir
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    packages/app/dist/assets/session-eRe7mVtg.jsView on unpkg · L40
    bin/sky-codeView file
    path = bin/sky-code kind = native_binary sizeBytes = 133434384 magicHex = [redacted]
    Medium
    Ships Native Binary

    Package ships native binary artifacts.

    bin/sky-codeView on unpkg
    packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
    path = packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    packages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
    mcp/nexus-http.jsView file
    path = mcp/nexus-http.js kind = oversized_source_file sizeBytes = 3358194 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.

    mcp/nexus-http.jsView on unpkg
    path = mcp/nexus-http.js kind = oversized_cli_entrypoint sizeBytes = 3358194 magicHex = [redacted]
    Medium
    Oversized Cli Entrypoint

    Package contains an oversized executable-looking CLI entrypoint.

    mcp/nexus-http.jsView on unpkg

    Findings

    2 Critical7 High6 Medium5 Low
    CriticalRemote Asset Decode Executemcp/nexus.js
    CriticalTrojan Source Unicodepackages/app/dist/assets/session-eRe7mVtg.js
    HighChild Processpackages/app/dist/assets/cobol-nwyudZeR.js
    HighShell
    HighEvalmcp/nexus.js
    HighSame File Env Network Executionmcp/nexus.js
    HighObfuscated Payload Loadermcp/nexus.js
    HighShips High Entropy Blobpackages/app/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
    HighOversized Source Filemcp/nexus-http.js
    MediumDynamic Requiremcp/nexus.js
    MediumNetwork
    MediumEnvironment Vars
    MediumShips Native Binarybin/sky-code
    MediumOversized Cli Entrypointmcp/nexus-http.js
    MediumStructural Risk Force Deep Review
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings