registry  /  gm-skill  /  2.0.1708

gm-skill@2.0.1708

⚠ Under review

Canonical universal harness — AI-native software engineering via skill-driven orchestration; bootstraps plugkit for task execution and session isolation. Install in any AI coding agent host.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 17 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 388 KB of source, external domains: 127.0.0.1, github.com, registry.npmjs.org

Source & flagged code

11 flagged · loading source
bin/bootstrap.jsView file
7const crypto = require('crypto'); L8: const { spawnSync } = require('child_process'); L9:
High
Child Process

Package source references child process execution.

bin/bootstrap.jsView on unpkg · L7
3L4: const fs = require('fs'); L5: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/bootstrap.jsView on unpkg · L3
bin/gm-validate.jsView file
59const child = cp.spawn('bun', ['x', 'gm-plugkit@latest', 'spool'], { L60: cwd: ROOT, detached: true, stdio: ['ignore', 'ignore', 'ignore'], windowsHide: true, shell: true, L61: });
High
Shell

Package source references shell execution.

bin/gm-validate.jsView on unpkg · L59
gm-plugkit/plugkit-wasm-wrapper.jsView file
1027function isPortAliveSync(port) { L1028: const r = spawnSync(process.execPath, ['-e', ` L1029: const net = require('net'); L1030: const s = net.connect({ port: ${port}, host: '127.0.0.1' }); ... L1042: function playwriterHomeFor(cwd, claudeSessionId) { L1043: if (process.env.PLAYWRITER_HOME) return process.env.PLAYWRITER_HOME; L1044: if (!cwd) return path.join(GM_TOOLS_ROOT, `pw-sock-${sessionProfileSlug(claudeSessionId)}`);
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

gm-plugkit/plugkit-wasm-wrapper.jsView on unpkg · L1027
707if (!_aggregateCpuProfileFn) { L708: _aggregateCpuProfileFn = new Function(AGGREGATE_CPU_PROFILE_SRC + '\nreturn aggregateCpuProfile;')(); L709: }
High
Eval

Package source references dynamic code evaluation.

gm-plugkit/plugkit-wasm-wrapper.jsView on unpkg · L707
1004function isPortReachableSync(host, port, timeoutMs) { L1005: const r = spawnSync(process.execPath, ['-e', ` L1006: const net = require('net'); L1007: const s = net.connect({ port: ${port}, host: ${JSON.stringify(host)} }); ... L1019: const srv = net.createServer(); L1020: srv.listen(0, '127.0.0.1', () => { const p = srv.address().port; srv.close(() => { process.stdout.write(String(p)); }); }); L1021: srv.on('error', e => { process.stderr.write(e.message); process.exit(1); });
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

gm-plugkit/plugkit-wasm-wrapper.jsView on unpkg · L1004
1259logEvent('plugkit', 'browser.chromium-installing', {}); L1260: spawnSync(process.platform === 'win32' ? 'npx.cmd' : 'npx', ['--yes', 'playwright', 'install', 'chromium'], { L1261: encoding: 'utf-8',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

gm-plugkit/plugkit-wasm-wrapper.jsView on unpkg · L1259
4import crypto from 'crypto'; L5: import https from 'https'; L6: import http from 'http'; L7: import { watch } from 'fs'; L8: import * as _childProcess from 'child_process'; L9: import { spawn as _rawSpawn, spawnSync as _rawSpawnSync } from 'child_process'; ... L27: const __filename = fileURLToPath(import.meta.url); L28: const __dirname = path.dirname(__filename); L29: ... L40: L41: const GM_LOG_ROOT = process.env.GM_LOG_DIR || path.join(os.homedir(), '.claude', 'gm-log'); L42: const ORCHESTRATOR_VERBS = new Set(['instruction', 'transition', 'phase-status', 'prd-add', 'prd-resolve', 'prd-list', 'mutable-add', 'mutable-resolve', 'mutable-list', 'memorize-f...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

gm-plugkit/plugkit-wasm-wrapper.jsView on unpkg · L4
lib/skill-bootstrap.jsView file
501package = gm-skill; repositoryIdentity = gm; dependency = gm-plugkit L501: try { L502: const gmPlugkit = require('gm-plugkit'); L503: const base = path.dirname(gmPlugkit.getPath ? gmPlugkit.getPath() : require.resolve('gm-plugkit'));
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

lib/skill-bootstrap.jsView on unpkg · L501
2Cross-file remote execution chain: lib/sk[redacted] spawns gm-plugkit/plugkit-wasm-wrapper.js; helper contains network access plus dynamic code execution. L2: const path = require('path'); L3: const https = require('https'); L4: const { execSync, execFileSync, spawn } = require('child_process'); L5: const crypto = require('crypto'); ... L9: function resolveToolsDir() { L10: const primary = path.join(os.homedir(), '.gm-tools'); L11: const fallback = path.join(os.homedir(), '.claude', 'gm-tools'); ... L71: } L72: const gm = JSON.parse(fs.readFileSync(gmJsonPath, 'utf8')); L73: const version = gm.plugkitVersion; ... L210: function patchPackageJsonJest(cwd) { L211: const pkgPath = path.join(cwd, 'package.json');
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

lib/skill-bootstrap.jsView on unpkg · L2
scripts/run-hook.shView file
path = scripts/run-hook.sh kind = build_helper sizeBytes = 203 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/run-hook.shView on unpkg

Findings

1 Critical7 High5 Medium4 Low
CriticalSame File Env Network Executiongm-plugkit/plugkit-wasm-wrapper.js
HighChild Processbin/bootstrap.js
HighShellbin/gm-validate.js
HighEvalgm-plugkit/plugkit-wasm-wrapper.js
HighCommand Output Exfiltrationgm-plugkit/plugkit-wasm-wrapper.js
HighCopied Package Dependency Bridgelib/skill-bootstrap.js
HighCross File Remote Execution Contextlib/skill-bootstrap.js
HighRuntime Package Installgm-plugkit/plugkit-wasm-wrapper.js
MediumDynamic Requirebin/bootstrap.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/run-hook.sh
MediumStructural Risk Force Deep Review
LowWeak Cryptogm-plugkit/plugkit-wasm-wrapper.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings