registry  /  jonggrang  /  0.15.3

jonggrang@0.15.3

Deterministic AI orchestration platform — 16-phase workflow engine for autonomous software development

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit initialization installs project-scoped Claude Code hooks and an OpenCode plugin. These influence AI-agent tool events but are not installed during npm installation.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `jonggrang init` in a project.
Impact
Can alter local agent behavior and invoke package-provided hook scripts in that initialized project.
Mechanism
Project-scoped AI-agent hook and plugin registration.
Rationale
No concrete malicious chain was found. Flag as warn because explicit setup mutates AI-agent control surfaces and installs event-driven hooks.
Evidence
package.jsonbin/jonggrang.jslib/hooks.jshooks/opencode/plugin.jshooks/pi/jonggrang-extension.tsserver.js.claude/settings.json.opencode/plugins/jonggrang.jshooks/PROJECT_ROOT/.jonggrang/extensions/jonggrang.ts

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/jonggrang.js` runs hook setup only through explicit `jonggrang init`.
  • `lib/hooks.js` writes project `.claude/settings.json` hooks and an auto-discovered `.opencode/plugins/jonggrang.js`.
  • Generated hooks invoke copied package scripts during AI-agent tool events.
  • `bin/jonggrang.js` runs `npm install` only from explicit `jonggrang web`, not package lifecycle.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • No reviewed hook source contains outbound network or credential-exfiltration logic.
  • Hook source primarily blocks sensitive-file and secret-command access.
  • Server defaults to `127.0.0.1`; reviewed GitLab requests are a configured product integration.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 92 file(s), 2.60 MB of source, external domains: 127.0.0.1, api.github.com, github.com, gitlab.com, opencode.ai, socket.io, www.w3.org

Source & flagged code

13 flagged · loading source
client/dist/assets/ProjectSettingsView-fAz79_zI.jsView file
1patternName = private_key_openssh severity = critical line = 1 matchedText = import{A...----
Critical
Critical Secret

Package contains a critical-looking secret pattern.

client/dist/assets/ProjectSettingsView-fAz79_zI.jsView on unpkg · L1
1patternName = private_key_openssh severity = critical line = 1 matchedText = import{A...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/ProjectSettingsView-fAz79_zI.js

client/dist/assets/ProjectSettingsView-fAz79_zI.jsView on unpkg · L1
apis/projects/orchestration-run.jsView file
16const { Router } = require('express'); L17: const { spawn, execFile, execFileSync } = require('child_process'); L18: const path = require('path');
High
Child Process

Package source references child process execution.

apis/projects/orchestration-run.jsView on unpkg · L16
lib/jonggrang.jsView file
1815const result = require('child_process').spawnSync(testCmd, { L1816: shell: true, L1817: cwd: projectRoot,
High
Shell

Package source references shell execution.

lib/jonggrang.jsView on unpkg · L1815
apis/secrets/index.jsView file
2L3: const { Router } = require('express'); L4:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

apis/secrets/index.jsView on unpkg · L2
lib/bot-reviewer/index.jsView file
1'use strict'; L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/bot-reviewer/index.jsView on unpkg · L1
hooks/pi/jonggrang-extension.tsView file
17const fs = require("fs") as typeof import("fs"); L18: const { execSync, execFileSync } = require("child_process") as typeof import("child_process"); L19: ... L36: /\bcredentials\b/i, /\.pfx$/i, /\.p12$/i, /\.crt$/i, /\.cer$/i, L37: /\.pkcs12$/i, /\.jks$/i, /\.keystore$/i, /(^|\/)\.ssh\//i, /authorized_keys/i, L38: ]; ... L65: .filter(Boolean); L66: const READERS = "(?:cat|head|tail|less|more|xxd|od|hexdump|strings|awk|sed|cp|mv|tar|zip|base64|openssl|grep|rg|fgrep|egrep|nl|tac|view|vim|vi|nano|emacs|code|subl)"; L67: const SECRETPATH = "(credentials|\\.pem(\\s|$)|\\.key(\\s|$)|id_rsa|id_ed25519|id_ecdsa|id_ed25519_sk|id_ecdsa_sk|id_dsa|identity|ssh_host_.*_key|\\.ssh/|\\.aws/credentials|authori... ... L85: .replace(/(aws_access_key_id\s*=\s*)\S+/gi, "$1<REDACTED>") L86: .replace(/-----BEGIN [A-Z ]*(PRIVATE|CERTIFICATE|EC|OPENSSH) KEY-----/g, "-----BEGIN <REDACTED>-----") L87: .replace(/(eyJ[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]+\.)[A-Za-z0-9_-]+/g, "$1<REDACTED>")
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

hooks/pi/jonggrang-extension.tsView on unpkg · L17
bin/jonggrang.jsView file
matchType = previous_version_dangerous_delta matchedPackage = jonggrang@0.14.8 matchedIdentity = npm:am9uZ2dyYW5n:0.14.8 similarity = 0.902 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/jonggrang.jsView on unpkg
2886try { L2887: execSync('npm install --production', { cwd: WEB_DIR, stdio: 'inherit' }); L2888: } catch {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/jonggrang.jsView on unpkg · L2886
hooks/claude/secret-final-check.shView file
path = hooks/claude/secret-final-check.sh kind = build_helper sizeBytes = 1567 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/claude/secret-final-check.shView on unpkg
client/dist/assets/primeicons-C6QP2o4f.woff2View file
path = client/dist/assets/primeicons-C6QP2o4f.woff2 kind = high_entropy_blob sizeBytes = 35148 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

client/dist/assets/primeicons-C6QP2o4f.woff2View on unpkg
skills/library/testing/unit-testing-patterns/SKILL.mdView file
17patternName = generic_password severity = medium line = 17 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in skills/library/testing/unit-testing-patterns/SKILL.md

skills/library/testing/unit-testing-patterns/SKILL.mdView on unpkg · L17
client/dist/assets/SettingsView-feUFpZAq.jsView file
164patternName = private_key_openssh severity = critical line = 164 matchedText = In order...----
Critical
Secret Pattern

OpenSSH private key in client/dist/assets/SettingsView-feUFpZAq.js

client/dist/assets/SettingsView-feUFpZAq.jsView on unpkg · L164

Findings

4 Critical4 High7 Medium6 Low
CriticalCritical Secretclient/dist/assets/ProjectSettingsView-fAz79_zI.js
CriticalPrevious Version Dangerous Deltabin/jonggrang.js
CriticalSecret Patternclient/dist/assets/ProjectSettingsView-fAz79_zI.js
CriticalSecret Patternclient/dist/assets/SettingsView-feUFpZAq.js
HighChild Processapis/projects/orchestration-run.js
HighShelllib/jonggrang.js
HighRuntime Package Installbin/jonggrang.js
HighShips High Entropy Blobclient/dist/assets/primeicons-C6QP2o4f.woff2
MediumDynamic Requireapis/secrets/index.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencehooks/pi/jonggrang-extension.ts
MediumShips Build Helperhooks/claude/secret-final-check.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/library/testing/unit-testing-patterns/SKILL.md
LowScripts Present
LowWeak Cryptolib/bot-reviewer/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings