AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package exposes user-invoked deployment and smoke-test helpers that run cloud/docker commands or request project URLs.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit import and invocation of exported helpers such as deploy(), docker(), kaniko(), site(), or healthcheck().
Impact
Expected CDK deploys, Docker/Kaniko image pushes, Lambda invokes, and HTTP checks against caller/project configured endpoints.
Mechanism
User-invoked CI/deployment and smoke-test command wrappers
Rationale
Static inspection shows a small Vyriy utility package of exported deployment and smoke-test scripts with no lifecycle hook, import-time side effect, hidden persistence, exfiltration, or AI-agent hijack behavior. The risky primitives are package-aligned and require explicit user invocation with project/cloud configuration.
Evidence
package.jsonindex.jsdeploy.jsdocker.jskaniko.jsapi.jshealthcheck.jslambda.jsmfe.jssite.jswebhooks.jsREADME.mdcdk.outcdk.out/cloudformation.ymlcdk.out/cdk-outputs.jsoncdk.out/kaniko.logs.txt
Network endpoints2
vyriy.dev/docs/scripts/github.com/evheniy/vyriy
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no npm lifecycle scripts or bin entries; main only re-exports modules.
- deploy.js/docker.js/kaniko.js shell commands are exported script helpers for CDK/ECR/Docker/Kaniko workflows, not install/import-time execution.
- Network requests in api.js/healthcheck.js/mfe.js/site.js/webhooks.js target URLs read from CDK outputs or caller-provided paths.
- No credential harvesting, AI-agent control-surface writes, persistence, obfuscated payloads, eval/vm, or dynamic require/import found.
- Scanner runtime_package_install appears to match README install text or npx CDK commands, not package-manager install at runtime.
Behavioral surface
ChildProcessShell
Source & flagged code
2 flagged · loading sourcekaniko.jsView file
9logger.info('Repository:', repository);
L10: await exec(`/kaniko/executor \
L11: --context "${path}" \
High
deploy.jsView file
7await exec('mkdir cdk.out');
L8: await exec('npx cdk synth > cdk.out/cloudformation.yml');
L9: await exec('npx aws-cdk diff');
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
deploy.jsView on unpkg · L7Findings
3 High
HighChild Processkaniko.js
HighShell
HighRuntime Package Installdeploy.js