registry  /  cabloy  /  5.1.104

cabloy@5.1.104

A Node.js fullstack framework

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `npm run upgrade` in a marked Cabloy project; later Claude Code Write/Edit events match configured source paths.
Impact
Project-local agent behavior and build commands can be configured; no source evidence of credential exfiltration, remote payload execution, or broad host persistence.
Mechanism
Explicit project upgrade installs first-party agent assets and a local PostToolUse hook.
Rationale
Source inspection supports a warning for explicit user-command AI-agent configuration mutation and local command execution. It does not support a malicious block verdict because no unconsented install-time foreign/broad agent hijack or concrete malicious chain was found.
Evidence
package.jsonscripts/upgrade.tsscripts/release.ts.claude/settings.json.claude/hooks/contract-loop-gate.ts.husky/pre-commitvona/packages-cli/cabloy-cli/src/utils.tsvona/packages-utils/utils/src/celjs/utils.tsvona/src/suite-vendor/a-vona/modules/a-orm/src/main.tslint-staged.config.mjsvona/src/suite-vendor/a-file/modules/file-native/src/service/fileNative.ts
Network endpoints2
registry.npmjs.orgapi.anthropic.com

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `scripts/upgrade.ts` runs only via explicit `npm run upgrade` and merges `.claude` assets into the target project.
  • `.claude/settings.json` registers a PostToolUse command hook.
  • `.claude/hooks/contract-loop-gate.ts` spawns project `npm run` build/dependency commands after qualifying edits.
  • Root `prepare` runs `husky`, installing a VCS pre-commit hook.
Evidence against
  • No `preinstall`, `install`, or `postinstall` lifecycle hook is present.
  • Upgrade fetches only npm registry metadata/tarball and uses fixed framework-owned copy lists.
  • The Claude hook reads edit input, writes only a temp state file, and has no network calls.
  • `new Function` is a CEL expression utility; CLI network access is an explicit update check.
  • The bidi characters are in an imported identifier, not control-flow-obscuring code.
  • No credential harvesting or non-package-aligned exfiltration was found in inspected paths.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2,321 file(s), 8.47 MB of source, external domains: api.anthropic.com, api.cloudflare.com, example.com, fonts.gstatic.com, github.com, imagedelivery.net, petstore.swagger.io, registry.npmjs.org, www.w3.org, zova.js.org

Source & flagged code

10 flagged · loading source
vona/env/.envView file
9patternName = blocked_file severity = critical matchedText = vona/env/.env redactedSecretContext = secretLikeLines = 7 L9: SERVER_KEYS=<redacted:24 token-like> L45: BUILD_DIALECT_DRIVERS=<redacted:24 token-like> L52: TEST_PATTERNS_IGNORE=<redacted:153 token-like> L56: DATABASE_DEFAULT_CLIENT=<redacted:27 token-like> L63: DATABASE_CLIENT_PG_PASSWORD=<redacted:0 empty> L69: DATABASE_CLIENT_MYSQL_PASSWORD=<redacted:0 empty> L76: REDIS_DEFAULT_PASSWORD=<redacted:0 empty>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

vona/env/.envView on unpkg · L9
vona/packages-utils/utils/src/celjs/utils.tsView file
20fn = L21: scopeKeys && scopeKeys.length > 0 ? new Function(scopeKeys.join(','), js) : new Function(js); L22: } catch (_err) {
Low
Eval

Package source references a known benign dynamic code generation pattern.

vona/packages-utils/utils/src/celjs/utils.tsView on unpkg · L20
vona/packages-cli/cabloy-cli/src/utils.tsView file
22// version old L23: const require = createRequire(import.meta.url); L24: const pkg = require(`${packageName}/package.json`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

vona/packages-cli/cabloy-cli/src/utils.tsView on unpkg · L22
vona/src/suite-vendor/a-file/modules/file-native/src/service/fileNative.tsView file
71L72: private async _getTargetPath( L73: objectKey: string,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

vona/src/suite-vendor/a-file/modules/file-native/src/service/fileNative.tsView on unpkg · L71
vona/src/suite-vendor/a-vona/modules/a-orm/src/main.tsView file
4contains invisible/control Unicode U+200C (zero width non-joiner) import { [redacted], ServiceTransactionConsistency<U+200C> } from 'vona-module-a-orm';
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

vona/src/suite-vendor/a-vona/modules/a-orm/src/main.tsView on unpkg · L4
vona/scripts/app-init.shView file
path = vona/scripts/app-init.sh kind = build_helper sizeBytes = 128 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

vona/scripts/app-init.shView on unpkg
vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui.jsView file
1patternName = generic_password severity = medium line = 1 matchedText = !functio...)));
Medium
Secret Pattern

Hardcoded password in vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui.js

vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui.jsView on unpkg · L1
vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle-core.jsView file
2patternName = generic_password severity = medium line = 2 matchedText = import*a...lt};
Medium
Secret Pattern

Hardcoded password in vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle-core.js

vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle-core.jsView on unpkg · L2
vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-bundle.jsView file
2patternName = generic_password severity = medium line = 2 matchedText = !functio...)));
Medium
Secret Pattern

Hardcoded password in vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-bundle.js

vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-bundle.jsView on unpkg · L2
vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle.jsView file
2patternName = generic_password severity = medium line = 2 matchedText = (()=>{va...)();
Medium
Secret Pattern

Hardcoded password in vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle.js

vona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle.jsView on unpkg · L2

Findings

2 Critical9 Medium8 Low
CriticalCritical Secretvona/env/.env
CriticalTrojan Source Unicodevona/src/suite-vendor/a-vona/modules/a-orm/src/main.ts
MediumDynamic Requirevona/packages-cli/cabloy-cli/src/utils.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpervona/scripts/app-init.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternvona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui.js
MediumSecret Patternvona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle-core.js
MediumSecret Patternvona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-bundle.js
MediumSecret Patternvona/src/suite-vendor/a-vona/modules/a-swagger/assets/static/swagger-ui-5.18.2/swagger-ui-es-bundle.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalvona/packages-utils/utils/src/celjs/utils.ts
LowWeak Cryptovona/src/suite-vendor/a-file/modules/file-native/src/service/fileNative.ts
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings