registry  /  giga-semantic-cli  /  1.0.4

giga-semantic-cli@1.0.4

Git-Grounded Autonomous AI Self-Healing Coding Agent

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time behavior. The package is a user-invoked coding agent with powerful workspace mutation, GitHub, LLM, and dashboard command-execution capabilities.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs giga commands or starts the dashboard script
Impact
Can read and modify workspace files, run tests/build commands, commit/push/PR changes, store tokens locally, and execute arbitrary commands through the dashboard endpoint if exposed.
Mechanism
User-invoked AI coding agent and local dashboard shell execution
Rationale
Source inspection supports a warn-level dangerous capability verdict rather than malicious: the package intentionally implements a local AI coding agent and dashboard with broad command/file/Git authority, but lacks install-time execution or hidden payload behavior. The scanner's remote decode/execute claim was not confirmed in the inspected source.
Evidence
package.jsondist/cli.jsdist/tools/index.jsdist/agent.jsdist/server.jsdist/binaries/cli.js.env.local.gitignore~/.gigarcworkspace source filesgit index/branches
Network endpoints5
api.openai.com/v1/chat/completionsapi.deepseek.com/chat/completionslocalhost:11434/v1/chat/completionsapi.anthropic.com/v1/messageslocalhost:3000

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/server.js exposes POST /api/run that execs arbitrary request body commands when dashboard is started
  • dist/tools/index.js runTests/runCompilation execute npm test, npm run build, or npx tsc during user-invoked heal flow
  • dist/tools/index.js applyPatch/applyUnifiedDiff write model-generated changes into workspace files
  • dist/tools/index.js saveRCConfig writes API_KEY and GITHUB_TOKEN to ~/.gigarc and .env.local after /connect
  • dist/binaries includes native pkg executables, but package bin points to dist/binaries/cli.js
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • No eval, Function, dynamic remote asset decode, or remote payload execution found in inspected JS
  • Command execution in CLI shell uses executeCommandSecurely with an interactive confirmation prompt
  • Network calls are aligned with declared AI/GitHub agent function, not hidden exfiltration
  • Bundled JS under dist/binaries matches dist JS files
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 185 KB of source, external domains: api.anthropic.com, api.deepseek.com, api.openai.com

Source & flagged code

5 flagged · loading source
dist/tools/index.jsView file
5import * as os from 'os'; L6: import { exec, execSync } from 'child_process'; L7: import chalk from 'chalk'; ... L18: } L19: export async function executeCommandSecurely(command, cwd = process.cwd()) { L20: console.log(chalk.cyan(`\n[Security Check] Requested command to run:`)); ... L27: return new Promise((resolve) => { L28: exec(command, { cwd }, (error, stdout, stderr) => { L29: resolve({ ... L52: catch (err) { L53: const owner = process.env.GITHUB_OWNER || ''; L54: const repo = process.env.GITHUB_REPO || '';
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

dist/tools/index.jsView on unpkg · L5
Trigger-reachable chain: manifest.main -> dist/cli.js -> dist/tools/index.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/tools/index.jsView on unpkg
5import * as os from 'os'; L6: import { exec, execSync } from 'child_process'; L7: import chalk from 'chalk';
High
Child Process

Package source references child process execution.

dist/tools/index.jsView on unpkg · L5
326else if (fs.existsSync(path.join(cwd, 'tsconfig.json'))) { L327: command = 'npx tsc --noEmit'; L328: } ... L335: return new Promise((resolve) => { L336: exec(command, { cwd }, (error, stdout, stderr) => { L337: resolve({
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/tools/index.jsView on unpkg · L326
dist/binaries/giga-macosView file
path = dist/binaries/giga-macos kind = native_binary sizeBytes = 72575267 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/binaries/giga-macosView on unpkg

Findings

2 Critical3 High4 Medium4 Low
CriticalRemote Asset Decode Executedist/tools/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/tools/index.js
HighChild Processdist/tools/index.js
HighShell
HighRuntime Package Installdist/tools/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarydist/binaries/giga-macos
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings