registry  /  jonggrang  /  0.14.4

jonggrang@0.14.4

Deterministic AI orchestration platform — 16-phase workflow engine for autonomous software development

AI Security Review

scanned 17h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time or import-time attack was found. The main residual risk is explicit user-command setup of first-party AI-agent hooks/extensions for this orchestration tool.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
user runs jonggrang init or related CLI/web commands
Impact
AI-agent command gating and workflow enforcement within the initialized project
Mechanism
first-party agent hook and extension installation
Rationale
Source inspection shows a developer orchestration package with user-invoked setup that writes first-party agent hooks/extensions, but no npm lifecycle mutation, credential exfiltration, remote payload fetch, or stealth persistence. Because it modifies AI-agent control surfaces by design, warn rather than block.
Evidence
package.jsonbin/jonggrang.jslib/hooks.jshooks/opencode/plugin.jshooks/pi/jonggrang-extension.tsapis/secrets/index.jslib/issue-providers.jsserver.js.claude/settings.json.opencode/plugins/jonggrang.js.jonggrang/extensions/jonggrang.tshooks
Network endpoints2
api.github.comgitlab.com/api/v4

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • lib/hooks.js installs Claude hooks into .claude/settings.json and OpenCode/Pi extension files when invoked
  • bin/jonggrang.js runs hooksLib.installHooksForTool during explicit jonggrang init
  • hooks/claude and hooks/opencode include agent command/output enforcement code
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • bin/jonggrang.js dependency npm install occurs only in user-invoked web command
  • apis/secrets/index.js stores user-provided secrets locally via webState, no exfil code seen
  • lib/issue-providers.js only calls GitHub/GitLab APIs with user tokens for issue features
  • server.js binds local dashboard to 127.0.0.1 by default
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 92 file(s), 2.55 MB of source, external domains: 127.0.0.1, api.github.com, github.com, gitlab.com, opencode.ai, socket.io, www.w3.org

Source & flagged code

14 flagged · loading source
client/dist/assets/ProjectSettingsView-ChFbcEga.jsView file
1patternName = private_key_openssh severity = critical line = 1 matchedText = import{A...----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

client/dist/assets/ProjectSettingsView-ChFbcEga.jsView on unpkg · L1
1patternName = private_key_openssh severity = critical line = 1 matchedText = import{A...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/ProjectSettingsView-ChFbcEga.js

client/dist/assets/ProjectSettingsView-ChFbcEga.jsView on unpkg · L1
apis/projects/orchestration-run.jsView file
16const { Router } = require('express'); L17: const { spawn, execFile, execFileSync } = require('child_process'); L18: const path = require('path');
High
Child Process

Package source references child process execution.

apis/projects/orchestration-run.jsView on unpkg · L16
lib/jonggrang.jsView file
1784const result = require('child_process').spawnSync(testCmd, { L1785: shell: true, L1786: cwd: projectRoot,
High
Shell

Package source references shell execution.

lib/jonggrang.jsView on unpkg · L1784
apis/secrets/index.jsView file
2L3: const { Router } = require('express'); L4:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

apis/secrets/index.jsView on unpkg · L2
lib/bot-reviewer/index.jsView file
1'use strict'; L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/bot-reviewer/index.jsView on unpkg · L1
hooks/pi/jonggrang-extension.tsView file
17const fs = require("fs") as typeof import("fs"); L18: const { execSync, execFileSync } = require("child_process") as typeof import("child_process"); L19: ... L36: /\bcredentials\b/i, /\.pfx$/i, /\.p12$/i, /\.crt$/i, /\.cer$/i, L37: /\.pkcs12$/i, /\.jks$/i, /\.keystore$/i, /(^|\/)\.ssh\//i, /authorized_keys/i, L38: ]; ... L65: .filter(Boolean); L66: const READERS = "(?:cat|head|tail|less|more|xxd|od|hexdump|strings|awk|sed|cp|mv|tar|zip|base64|openssl|grep|rg|fgrep|egrep|nl|tac|view|vim|vi|nano|emacs|code|subl)"; L67: const SECRETPATH = "(credentials|\\.pem(\\s|$)|\\.key(\\s|$)|id_rsa|id_ed25519|id_ecdsa|id_ed25519_sk|id_ecdsa_sk|id_dsa|identity|ssh_host_.*_key|\\.ssh/|\\.aws/credentials|authori... ... L85: .replace(/(aws_access_key_id\s*=\s*)\S+/gi, "$1<REDACTED>") L86: .replace(/-----BEGIN [A-Z ]*(PRIVATE|CERTIFICATE|EC|OPENSSH) KEY-----/g, "-----BEGIN <REDACTED>-----") L87: .replace(/(eyJ[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]+\.)[A-Za-z0-9_-]+/g, "$1<REDACTED>")
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

hooks/pi/jonggrang-extension.tsView on unpkg · L17
bin/jonggrang.jsView file
matchType = previous_version_dangerous_delta matchedPackage = jonggrang@0.13.5 matchedIdentity = npm:am9uZ2dyYW5n:0.13.5 similarity = 0.946 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/jonggrang.jsView on unpkg
9Detached bundled service listener: bin/jonggrang.js spawns server.js; helper exposes a broad-bound HTTP listener. L9: const path = require('path'); L10: const { spawn, spawnSync, execSync } = require('child_process'); L11: const readline = require('readline'); ... L24: function resolveJonggrangHome() { L25: if (process.env.JONGGRANG_HOME) return process.env.JONGGRANG_HOME; L26: L27: const candidates = [ L28: path.resolve(__dirname, '..'), L29: path.resolve(__dirname, '..', '..'), ... L55: L56: const JONGGRANG_VERSION = require('../package.json').version; L57:
High
Spawned Bundled Service Listener

Source launches a detached bundled service that exposes a broad-bound HTTP listener.

bin/jonggrang.jsView on unpkg · L9
2786try { L2787: execSync('npm install --production', { cwd: WEB_DIR, stdio: 'inherit' }); L2788: } catch {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/jonggrang.jsView on unpkg · L2786
hooks/claude/secret-final-check.shView file
path = hooks/claude/secret-final-check.sh kind = build_helper sizeBytes = 1567 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/claude/secret-final-check.shView on unpkg
client/dist/assets/primeicons-C6QP2o4f.woff2View file
path = client/dist/assets/primeicons-C6QP2o4f.woff2 kind = high_entropy_blob sizeBytes = 35148 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

client/dist/assets/primeicons-C6QP2o4f.woff2View on unpkg
skills/library/testing/unit-testing-patterns/SKILL.mdView file
17patternName = generic_password severity = medium line = 17 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in skills/library/testing/unit-testing-patterns/SKILL.md

skills/library/testing/unit-testing-patterns/SKILL.mdView on unpkg · L17
client/dist/assets/SettingsView-D3DYYBDH.jsView file
164patternName = private_key_openssh severity = critical line = 164 matchedText = In order...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/SettingsView-D3DYYBDH.js

client/dist/assets/SettingsView-D3DYYBDH.jsView on unpkg · L164

Findings

4 Critical5 High7 Medium6 Low
CriticalCritical Secretclient/dist/assets/ProjectSettingsView-ChFbcEga.js
CriticalPrevious Version Dangerous Deltabin/jonggrang.js
CriticalSecret Patternclient/dist/assets/ProjectSettingsView-ChFbcEga.js
CriticalSecret Patternclient/dist/assets/SettingsView-D3DYYBDH.js
HighChild Processapis/projects/orchestration-run.js
HighShelllib/jonggrang.js
HighSpawned Bundled Service Listenerbin/jonggrang.js
HighRuntime Package Installbin/jonggrang.js
HighShips High Entropy Blobclient/dist/assets/primeicons-C6QP2o4f.woff2
MediumDynamic Requireapis/secrets/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencehooks/pi/jonggrang-extension.ts
MediumShips Build Helperhooks/claude/secret-final-check.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/library/testing/unit-testing-patterns/SKILL.md
LowScripts Present
LowWeak Cryptolib/bot-reviewer/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings