registry  /  @zibby/skills  /  0.1.59

@zibby/skills@0.1.59

⚠ Under review

Built-in skill definitions for the Zibby agent-workflow framework

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 41 file(s), 972 KB of source, external domains: api-prod.zibby.app, api.anthropic.com, api.atlassian.com, api.cursor.com, api.figma.com, api.github.com, api.linear.app, api.linkedin.com, api.notion.com, api.openai.com, api.plane.so, docs.dolthub.com, example.com, github.com, gitlab.com, sentry.io, slack.com, studio.zibby.dev, the-internet.herokuapp.com, www.notion.so

Source & flagged code

6 flagged · loading source
dist/git.jsView file
1import{spawn as T}from"child_process";import{existsSync as p,mkdirSync as O,readdirSync as $,statSync as j,readFileSync as R}from"fs";import{resolve as v,join as l,basename as C}fr... L2: You can clone and explore git repositories locally for codebase analysis:
High
Child Process

Package source references child process execution.

dist/git.jsView on unpkg · L1
bin/mcp-skill.mjsView file
103const modulePath = resolvePath(here, moduleArg); L104: const mod = await import(pathToFileURL(modulePath).href); L105: const skill = mod[exportName];
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/mcp-skill.mjsView on unpkg · L103
dist/gitlab.jsView file
26- A code-review flow is: gitlab_get_mr (context + diff_refs) \u2192 gitlab_get_mr_changes (the diff) \u2192 gitlab_post_mr_discussion per inline finding \u2192 gitlab_post_mr_note ... L27: - If an inline position is rejected by GitLab (bad line anchor), fall back to gitlab_post_mr_note with the file/line in the text.`,resolve(){let u=v();if(!u)return{command:null,arg... L28: `).slice(0,30).join(`
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/gitlab.jsView on unpkg · L26
dist/index.jsView file
3763. After OAuth completes, ask me to install GitHub again`},slack:{description:"Slack messages, channels, reactions",integrationProvider:"slack",envKeys:[],setupInstructions:`To con... L377: 1. Go to Settings \u2192 Integrations (https://studio.zibby.dev/integrations) L378: 2. Click "Connect Slack" and authorize ... L382: 3. After OAuth completes, ask me to install Sentry again`},runner:{description:"Run zibby test workflows from chat (parallel supported)",envKeys:[],setupInstructions:"Ready to use.... L383: `)}function gn(){if(process.env.ZIBBY_USER_TOKEN)return process.env.ZIBBY_USER_TOKEN;try{let s=fn(mn(),".zibby","config.json");return pn(s)&&JSON.parse(un(s,"utf-8")).sessionToken|... L384: `)}function jn(s,t){let e=s.cwd?Te(s.cwd,t):t;return Xt(s.command,{cwd:e,encoding:"utf-8",timeout:3e4,maxBuffer:Rn,stdio:["pipe","pipe","pipe"]})||"(no output)"}function $n(s){let{... L385: You have access to the user's Sentry. Use these tools: ... L391: ${t} [${s}] ${e} L392: `;try{process.stderr.write(r)}catch{}}function tt(){Q.length=0;for(let[,s]of P)if(s.status==="queued"&&(s.status="cancelled"),s.status==="running"&&s._child)try{s._child.kill("SIGT... L393: You can run zibby test
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L376
1import{registerSkill as I}from"@zibby/agent-workflow";import{createRequire as Ss}from"module";import{join as vs}from"path";var Is=Ss(import.meta.url);function Ns(){if(process.env.M... L2: If you DO NOT have access to browser tools \u2192 return {"success": false, "steps": [], "browserClosed": false, "notes": "No browser tools available"}. ... L23: L24: `)}function oe(s){return String(s||"").toLowerCase().replace(/\s+/g,"").replace(/[()\-_::"'`]/g,"")}function He(s){return oe(s).replace(/[a-z0-9]+/g,"")}function Ie(s,t){let e=oe(s... L25: You have direct access to the user's Jira. Use these tools proactively: ... L77: ### Discovery L78: - github_list_repos: Lists ALL accessible repos (personal + orgs, private + public, up to 200 repos). Use to find a RELATED repo worth cloning for cross-repo context. L79: - github_search_repos: Search for a specific repo by name (e.g., "electron", "my-app") ... L116: When user just wants to "look at" or "read" files (not clone): L117: - Use github_get_file to read individual files via API`,resolve(){let s=zs();if(!s)return{command:null,args:[],env:{},description:this.description};let t={};for(let e of this.envKe... L118: `).slice(0,30).join(`
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L1
dist/datasetStore.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @zibby/skills@0.1.55 matchedIdentity = npm:QHppYmJ5L3NraWxscw:0.1.55 similarity = 0.925 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/datasetStore.jsView on unpkg

Findings

1 Critical4 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/datasetStore.js
HighChild Processdist/git.js
HighSame File Env Network Executiondist/gitlab.js
HighCommand Output Exfiltrationdist/index.js
HighSandbox Evasion Gated Capabilitydist/index.js
MediumDynamic Requirebin/mcp-skill.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings