registry  /  @zibby/skills  /  0.1.70

@zibby/skills@0.1.70

⚠ Under review

Built-in skill definitions for the Zibby agent-workflow framework

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 14 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
WildcardDependency
scanned 44 file(s), 1.02 MB of source, external domains: api-prod.zibby.app, api.anthropic.com, api.atlassian.com, api.cursor.com, api.figma.com, api.github.com, api.linear.app, api.linkedin.com, api.notion.com, api.openai.com, api.plane.so, discord.com, docs.dolthub.com, docs.google.com, docs.googleapis.com, example.com, feishu.cn, github.com, gitlab.com, sentry.io, slack.com, studio.zibby.dev, the-internet.herokuapp.com, www.googleapis.com, www.larksuite.com, www.notion.so

Source & flagged code

6 flagged · loading source
dist/git.jsView file
1import{spawn as T}from"child_process";import{existsSync as p,mkdirSync as O,readdirSync as $,statSync as j,readFileSync as R}from"fs";import{resolve as v,join as l,basename as C}fr... L2: You can clone and explore git repositories locally for codebase analysis:
High
Child Process

Package source references child process execution.

dist/git.jsView on unpkg · L1
bin/mcp-skill.mjsView file
103const modulePath = resolvePath(here, moduleArg); L104: const mod = await import(pathToFileURL(modulePath).href); L105: const skill = mod[exportName];
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/mcp-skill.mjsView on unpkg · L103
dist/gitlab.jsView file
26- A code-review flow is: gitlab_get_mr (context + diff_refs) \u2192 gitlab_get_mr_changes (the diff) \u2192 gitlab_post_mr_discussion per inline finding \u2192 gitlab_post_mr_note ... L27: - If an inline position is rejected by GitLab (bad line anchor), fall back to gitlab_post_mr_note with the file/line in the text.`,resolve(){let u=v();if(!u)return{command:null,arg... L28: `).slice(0,30).join(`
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/gitlab.jsView on unpkg · L26
dist/index.jsView file
4033. After OAuth completes, ask me to install GitHub again`},slack:{description:"Slack messages, channels, reactions",integrationProvider:"slack",envKeys:[],setupInstructions:`To con... L404: 1. Go to Settings \u2192 Integrations (https://studio.zibby.dev/integrations) L405: 2. Click "Connect Slack" and authorize ... L409: 3. After OAuth completes, ask me to install Sentry again`},runner:{description:"Run zibby test workflows from chat (parallel supported)",envKeys:[],setupInstructions:"Ready to use.... L410: `)}function xo(){if(process.env.ZIBBY_USER_TOKEN)return process.env.ZIBBY_USER_TOKEN;try{let s=Ao(To(),".zibby","config.json");return Oo(s)&&JSON.parse(Ro(s,"utf-8")).sessionToken|... L411: `)}function Ho(s,t){let e=s.cwd?qe(s.cwd,t):t;return Or(s.command,{cwd:e,encoding:"utf-8",timeout:3e4,maxBuffer:Bo,stdio:["pipe","pipe","pipe"]})||"(no output)"}function zo(s){let{... L412: You have access to the user's Sentry. Use these tools: ... L418: ${t} [${s}] ${e} L419: `;try{process.stderr.write(r)}catch{}}function ft(){X.length=0;for(let[,s]of P)if(s.status==="queued"&&(s.status="cancelled"),s.status==="running"&&s._child)try{s._child.kill("SIGT... L420: You can run zibby test
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L403
1import{registerSkill as N}from"@zibby/agent-workflow";import{createRequire as Ws}from"module";import{join as Zs}from"path";var Vs=Ws(import.meta.url);function Qs(){if(process.env.M... L2: If you DO NOT have access to browser tools \u2192 return {"success": false, "steps": [], "browserClosed": false, "notes": "No browser tools available"}. ... L23: L24: `)}function ae(s){return String(s||"").toLowerCase().replace(/\s+/g,"").replace(/[()\-_::"'`]/g,"")}function st(s){return ae(s).replace(/[a-z0-9]+/g,"")}function xe(s,t){let e=ae(s... L25: You have direct access to the user's Jira. Use these tools proactively: ... L77: ### Discovery L78: - github_list_repos: Lists ALL accessible repos (personal + orgs, private + public, up to 200 repos). Use to find a RELATED repo worth cloning for cross-repo context. L79: - github_search_repos: Search for a specific repo by name (e.g., "electron", "my-app") ... L116: When user just wants to "look at" or "read" files (not clone): L117: - Use github_get_file to read individual files via API`,resolve(){let s=kn();if(!s)return{command:null,args:[],env:{},description:this.description};let t={};for(let e of this.envKe... L118: `).slice(0,30).join(`
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L1
dist/git-write.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @zibby/skills@0.1.55 matchedIdentity = npm:QHppYmJ5L3NraWxscw:0.1.55 similarity = 0.450 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/git-write.jsView on unpkg

Findings

1 Critical4 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/git-write.js
HighChild Processdist/git.js
HighSame File Env Network Executiondist/gitlab.js
HighCommand Output Exfiltrationdist/index.js
HighSandbox Evasion Gated Capabilitydist/index.js
MediumDynamic Requirebin/mcp-skill.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings