registry  /  dirextalk-deployer  /  0.1.35

dirextalk-deployer@0.1.35

Versioned Dirextalk deployer agent skill and portable deployment orchestration tools.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack behavior is established. Explicit user commands can install this first-party deployment skill into agent-specific directories and configure a local Dirextalk bridge.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `dirextalk-deployer skill install|update|refresh` or `bash scripts/orchestrate.sh`.
Impact
Can add package-owned skill files and a configured bridge service to the selected local agent environment.
Mechanism
User-invoked agent-skill deployment and local bridge setup.
Rationale
Source inspection found explicit, package-aligned agent-extension and bridge setup rather than concrete malicious behavior. Warn because the package can modify selected agent skill environments and provision a local agent bridge when the user invokes its commands.
Evidence
bin/dirextalk-deployer.mjsscripts/phases/s6_wire_local.shscripts/lib/mcp-client-adapters.shscripts/updater/release.envpackage.jsonscripts/lib/http-secrets.shscripts/updater/install.sh
Network endpoints3
github.com/YingSuiAI/dirextalk-connect.gitapi.github.com/repos/YingSuiAI/dirextalk-message-server/releases/latestgithub.com/YingSuiAI/dirextalk-updater/releases/download/v1.0.6/dirextalk-updater-linux-amd64

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • `bin/dirextalk-deployer.mjs` explicitly copies the package into selected AI-agent skill directories, including `.codex`, `.claude`, and `.cursor`.
  • `scripts/phases/s6_wire_local.sh` can install `dirextalk-connect@latest`, write bridge credentials/config, and start its service during user-run orchestration.
  • `skill refresh` invokes `npm install -g dirextalk-deployer@latest` after an explicit CLI refresh request.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • The CLI runs only as the declared `dirextalk-deployer` binary; import-time execution is not established.
  • Skill installation refuses unmanaged target directories unless the user supplies `--force`.
  • Host-managed MCP paths require explicit operator readiness and state they do not mutate user-global host configuration.
  • Reviewed network use targets the configured Dirextalk server, AWS, and declared GitHub release/source endpoints; no credential-harvesting or unrelated exfiltration endpoint was found.
  • Updater download configuration is pinned to a version, commit, URL, and SHA-256 in `scripts/updater/release.env`.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 58.6 KB of source, external domains: api.github.com, git-scm.com, github.com

Source & flagged code

4 flagged · loading source
bin/dirextalk-deployer.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = dirextalk-deployer@0.1.34 matchedIdentity = npm:ZGlyZXh0YWxrLWRlcGxveWVy:0.1.34 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/dirextalk-deployer.mjsView on unpkg
1#!/usr/bin/env node L2: import { spawnSync } from "node:child_process"; L3: import { createRequire } from "node:module";
High
Child Process

Package source references child process execution.

bin/dirextalk-deployer.mjsView on unpkg · L1
411latestVersion, L412: updateCommand: `npm install -g ${packageName}@latest` L413: }; ... L416: function runNpmUpdateAndChildInstall({ agent, scope, target, options, freshness }) { L417: const installResult = spawnSync("npm", ["install", "-g", `${packageName}@latest`], { L418: stdio: "inherit",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/dirextalk-deployer.mjsView on unpkg · L411
scripts/adopt-legacy-node.shView file
path = scripts/adopt-legacy-node.sh kind = build_helper sizeBytes = 3997 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/adopt-legacy-node.shView on unpkg

Findings

1 Critical3 High3 Medium3 Low
CriticalPrevious Version Dangerous Deltabin/dirextalk-deployer.mjs
HighChild Processbin/dirextalk-deployer.mjs
HighShell
HighRuntime Package Installbin/dirextalk-deployer.mjs
MediumEnvironment Vars
MediumShips Build Helperscripts/adopt-legacy-node.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowUrl Strings