registry  /  @sofagent/audit  /  1.0.1

@sofagent/audit@1.0.1

sofagent 提交时审计——扫描 git diff,检查 Agent 是否遵守工作纪律

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No unconsented install-time behavior is present. The package can install a repository pre-commit hook after an explicit user command, and can send audit warnings to a user-configured webhook.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `sofagent-audit --install-hook` or `sofagent-audit --init`; webhook requires explicit platform and URL configuration.
Impact
Future commits invoke the audit CLI; configured webhook receives warning/failure summaries.
Mechanism
Explicit Git-hook setup and opt-in audit-result webhook delivery.
Rationale
Source inspection does not support the scanner's malicious label. The explicit VCS-hook installation is a real lifecycle/persistence risk that warrants a warning, but no concrete malicious chain was found.
Evidence
package.jsondist/index.jsdist/commands/init.jshooks/pre-commitdist/webhook.js.git/hooks/pre-commit.sofagent/config.yml

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Benign with low false-positive risk.
Evidence for warning
  • `dist/index.js` installs an executable `.git/hooks/pre-commit` only with `--install-hook`.
  • `dist/commands/init.js` explicitly creates `.sofagent/config.yml` and installs the same Git hook.
  • `hooks/pre-commit` runs `sofagent-audit` on future commits, creating user-approved local persistence.
  • `dist/webhook.js` POSTs audit warnings only when a user supplies webhook platform and URL.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • No hard-coded network endpoint, credential harvesting, remote payload loading, `eval`, or shell-string execution was found.
  • Child-process calls use fixed local tools such as `git`, `npm --version`, `df`, and `bash --version`.
  • Hook/config writes are scoped to the current repository and occur behind explicit CLI flags.
  • Webhook content is audit-rule output and is sent only to a configured user-provided URL.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 51 file(s), 290 KB of source, external domains: github.com, nodejs.org, registry.npmjs.org

Source & flagged code

4 flagged · loading source
dist/env-check.jsView file
6exports.checkEnv = checkEnv; L7: const child_process_1 = require("child_process"); L8: const fs_1 = require("fs");
High
Child Process

Package source references child process execution.

dist/env-check.jsView on unpkg · L6
dist/rules/skill-safety-rules.jsView file
36// === 危险调用 (SUSPICIOUS) === L37: { pattern: /eval\(.*[^0-9"'].*\)/, category: '危险调用', severity: 'SUSPICIOUS', description: 'eval() 非常量参数' }, L38: { pattern: /os\.system\(/, category: '危险调用', severity: 'SUSPICIOUS', description: 'os.system() 系统调用' },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/rules/skill-safety-rules.jsView on unpkg · L36
dist/verify/checks.jsView file
300// ao compose 健康检查 L301: const aoComposeOut = (0, utils_js_1.tryExec)('ao', ['compose', '--version']); L302: if (aoComposeOut) { ... L314: if (aoMajor === 0 && (aoMinor < 7 || (aoMinor === 7 && aoPatch < 5))) { L315: v.checkWarn(`ao 版本低于 0.7.5(当前 ${aoVer}),建议升级:npm install -g agency-orchestrator@0.7.5`); L316: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/verify/checks.jsView on unpkg · L300
dist/commands/doctor.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @sofagent/audit@1.0.0 matchedIdentity = npm:QHNvZmFnZW50L2F1ZGl0:1.0.0 similarity = 0.840 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/doctor.jsView on unpkg

Findings

1 Critical2 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/commands/doctor.js
HighChild Processdist/env-check.js
HighRuntime Package Installdist/verify/checks.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/rules/skill-safety-rules.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings