
lastlight@0.7.7

GitHub repository maintenance agent — Agent SDK harness

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 15 findings at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.
The diff against the previous stored version introduced a dangerous source file.

Decision evidence

Public snapshot

Behavioral surface
  Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
  Supply chain: HighEntropyStrings, UrlStrings
  Manifest: no manifest risk signals triggered.

Scanned 93 file(s), 1011 KB of source. External hosts referenced: 127.0.0.1, api.anthropic.com, api.github.com, api.openai.com, github.com, lastlight.example.com, openrouter.ai, slack.com, smolmachines.com

Source & flagged code

8 flagged

dist/cli/setup.js

  Critical · Critical Secret
  Package contains a critical-looking secret pattern.
  line 49 · patternName = private_key_rsa · severity = critical · matchedText = return (...) ||

  Critical · Secret Pattern
  RSA private key in dist/cli/setup.js
  line 49 · patternName = private_key_rsa · severity = critical · matchedText = return (...) ||

  Critical · Secret Pattern
  RSA private key in dist/cli/setup.js
  line 50 · patternName = private_key_rsa · severity = critical · matchedText = content...."));

  Reviewer check: the first two entries are the same match on line 49 reported under two rule names, and both matched-text fragments (`return (...) ||` on line 49, `content...."));` on line 50) are pieces of an expression rather than a PEM body. Open lines 49-50 of dist/cli/setup.js and confirm whether they embed key material or only test a string for a private-key marker; the critical rating is warranted only in the first case.
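To make that distinction concrete, here is an added triage helper. It is not the scanner's rule and not code from lastlight; it separates a PEM block that carries a base64 body and its END marker from a private-key header that only appears as a string token in source. Both JavaScript inputs are constructed for the example, and the second one embeds base64 filler, not a key.

```python
import base64
import re

# Any "-----BEGIN ... PRIVATE KEY-----" header (RSA, EC, OPENSSH, PKCS#8 ...).
PEM_HEADER = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----")
BASE64_BODY = re.compile(r"[A-Za-z0-9+/]+=*")


def classify_private_key_hits(text):
    """Return [(line_no, label)] for every private-key header in `text`.

    "pem_block"      - header, a base64 body of realistic length and the
                       matching END marker: embedded key material.
    "marker_in_code" - the header is only a string token (no END marker, or
                       code rather than base64 between header and footer):
                       the shape of validators, detectors and test fixtures.
    """
    hits = []
    for m in PEM_HEADER.finditer(text):
        kind = m.group(1)
        line_no = text.count("\n", 0, m.start()) + 1
        tail = text[m.end():]
        end = tail.find(f"-----END {kind}-----")
        if end == -1:
            hits.append((line_no, "marker_in_code"))
            continue
        body = "".join(tail[:end].split())  # PEM bodies are wrapped at 64 columns
        if len(body) >= 64 and BASE64_BODY.fullmatch(body):
            hits.append((line_no, "pem_block"))
        else:
            hits.append((line_no, "marker_in_code"))
    return hits


# Constructed input 1: validators that only test for the marker strings.
VALIDATOR_JS = """\
export function looksLikePrivateKey(content) {
  return (content.includes("-----BEGIN RSA PRIVATE KEY-----") ||
          content.includes("-----BEGIN OPENSSH PRIVATE KEY-----"));
}
export function isCompletePem(content) {
  return content.includes("-----BEGIN EC PRIVATE KEY-----") &&
         content.includes("-----END EC PRIVATE KEY-----");
}
"""

# Constructed input 2: a literal PEM block. The body is base64 filler, not a key.
_FILLER = base64.b64encode(b"constructed filler bytes, not key material " * 3).decode()
EMBEDDED_JS = (
    "const KEY = `-----BEGIN RSA PRIVATE KEY-----\n"
    + "\n".join(_FILLER[i:i + 64] for i in range(0, len(_FILLER), 64))
    + "\n-----END RSA PRIVATE KEY-----`;\n"
)


def triage_summary():
    """Map each constructed file to its classified hits."""
    return {
        "validator.js": classify_private_key_hits(VALIDATOR_JS),
        "embedded.js": classify_private_key_hits(EMBEDDED_JS),
    }


if __name__ == "__main__":
    for name, hits in triage_summary().items():
        print(name, hits)
```

The second validator deliberately mentions both the BEGIN and END markers; it still classifies as a marker because what sits between them is JavaScript, not base64. A detector that only greps for the header string cannot tell these cases apart, which is why the matched text fragments above need a human read of the file.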
skills/browser-qa/scripts/agent-browser.mjs

  Medium · Dynamic Require
  Package source references dynamic require/import behavior.
  L84: // a `require` that resolves an absolute package-dir path (see loadPlaywright).
  L85: const require = createRequire(import.meta.url);
  L86:

  Reviewer check: `createRequire(import.meta.url)` is the standard way to obtain a CommonJS `require` from an ES module; the risk lies in what is later passed to that `require`. Confirm that loadPlaywright resolves a fixed package directory and not a path influenced by the repository contents the agent is operating on.
dist/cli/cli.js

  High · Sandbox Evasion Gated Capability
  Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
  L16:  * `LASTLIGHT_URL`/`LASTLIGHT_TOKEN` env → `~/.lastlight/config.json` (written
  L17:  * by `login`) → `http://localhost:8644`.
  L18:  */
  ...
  L24: import { fileURLToPath } from "node:url";
  L25: import { spawn } from "node:child_process";
  L26: import * as p from "@clack/prompts";
  ...
  L100: /**
  L101:  * This CLI's version, read from the bundled package.json. Resolves for both the
  L102:  * compiled (`dist/cli/cli.js` → `../..` = package root) and dev
  ...
  L107: const pkgPath = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../..", "package.json");
  L108: const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
  L109: return pkg.version ?? "unknown";

  Reviewer check: the quoted lines show the server URL and token resolution order (environment variables, then ~/.lastlight/config.json, then the localhost default), a `spawn` import, and a version lookup from the bundled package.json; none of them is a CI, host, platform, time, or geo check. Locate the condition that actually guards the `spawn` or network call before accepting the gated-capability classification.
dist/sandbox/egress-firewall-config.js

  High · Cloud Metadata Access
  Source reaches cloud instance metadata or link-local credential endpoints.
  L17:  * inside the sandbox (especially the OpenAI/Anthropic SDKs that build
  L18:  * their own undici dispatchers) don't honour HTTP_PROXY / HTTPS_PROXY.
  L19:  * Forcing them to cooperate is a losing battle. By spoofing DNS and
  ...
  L74:  * mode — known SSRF magnets. nginx's `ssl_preread` SNI inspection alone
  L75:  * can't catch hostnames that resolve to private IPs (the DNS server
  L76:  * we control gets the first say), so this is the right layer to enforce
  ...
  L115:
  L116: error_log /dev/stderr warn;
  L117: pid /tmp/nginx.pid;
  ...
  L355: export function renderOtelCollectorConfig(opts) {
  L356:   const env = opts.env ?? process.env;
  L357:   const exporterBlocks = [];

  Reviewer check: the quoted comments describe an egress firewall that the sandbox enforces at the DNS layer precisely because SNI inspection cannot stop a hostname that resolves to a private address. A file like this is expected to name link-local and private ranges as deny targets, so confirm that the metadata or link-local address the rule matched appears only in a block list or an nginx deny rule, never as a destination the code itself requests.
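The decision those comments describe, written out as an added example in Python rather than the package's nginx and DNS configuration (this is not lastlight's code): a resolver-side check that only answers for allowlisted names and refuses any answer that lands in loopback, RFC 1918, CGNAT or link-local space, including the IPv4-mapped IPv6 form. The allowlist is a hypothetical one modelled on the external domains listed in this scan, and every resolver answer is constructed from documentation ranges, not looked up.

```python
import ipaddress

# Hypothetical allowlist modelled on the external domains the scan lists above;
# it is not the package's real egress policy.
ALLOWED_DOMAINS = ("api.anthropic.com", "api.openai.com", "api.github.com", "github.com")

# Destinations that stay unreachable even for an allowlisted name: loopback,
# RFC 1918, CGNAT, link-local (169.254.169.254 lives here) and the IPv6
# equivalents. Listed explicitly rather than relying on ipaddress.is_private.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def _unmap(ip):
    # ::ffff:169.254.169.254 is the same host as 169.254.169.254; compare the
    # embedded IPv4 address so the mapped form cannot slip past the list.
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip


def is_blocked_address(addr):
    ip = _unmap(ipaddress.ip_address(addr))
    return any(ip in net for net in BLOCKED_NETWORKS)


def name_is_allowlisted(hostname, allowlist=ALLOWED_DOMAINS):
    host = hostname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in allowlist)


def egress_decision(hostname, answers, allowlist=ALLOWED_DOMAINS):
    """Decide whether the resolver should hand `answers` back for `hostname`.

    `answers` are the A/AAAA records the sandbox resolver obtained upstream
    (constructed in this example, never looked up). Returns (verdict, reason).
    """
    try:
        ipaddress.ip_address(hostname)
    except ValueError:
        pass
    else:
        # An IP literal needs no DNS, so the allowlist never sees it: refuse.
        return "deny", f"ip literal {hostname} is not permitted"
    if not name_is_allowlisted(hostname, allowlist):
        return "deny", f"{hostname} is not on the egress allowlist"
    if not answers:
        return "deny", f"{hostname} resolved to nothing; returning NXDOMAIN"
    for addr in answers:
        if is_blocked_address(addr):
            # DNS rebinding or a private-IP answer for an allowlisted name.
            return "deny", f"{hostname} resolves to blocked address {addr}"
    return "allow", f"{hostname} -> {', '.join(answers)}"


# Constructed resolver answers (documentation-range addresses, not real records).
SAMPLE_ANSWERS = {
    "api.anthropic.com": ["203.0.113.10"],
    "api.github.com": ["203.0.113.20", "2001:db8::20"],
    "evil.example.com": ["203.0.113.99"],
    "rebind.api.openai.com": ["10.0.0.5"],
    "mapped.github.com": ["::ffff:169.254.169.254"],
}


def run_samples():
    """Verdict per constructed hostname."""
    return {host: egress_decision(host, ans)[0] for host, ans in SAMPLE_ANSWERS.items()}


if __name__ == "__main__":
    for host, answers in SAMPLE_ANSWERS.items():
        print(*egress_decision(host, answers))
```

The IP-literal branch is included for completeness: a client that dials 169.254.169.254 directly never consults DNS, so the resolver check alone is not sufficient and the proxy or packet filter in front of it has to refuse those destinations as well.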
deploy/native/install.sh

  Medium · Ships Build Helper
  Package ships non-JavaScript build or shell helper files.
  path = deploy/native/install.sh · kind = build_helper · sizeBytes = 5030 · magicHex = [redacted]
dist/workflows/phase-executor.js

  High · Previous Version Dangerous Delta
  This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
  matchType = previous_version_dangerous_delta · matchedPackage = lastlight@0.7.6 · matchedIdentity = npm:bGFzdGxpZ2h0:0.7.6 · similarity = 0.955 · summary = stored previous version shares package body but lacks this dangerous source file

  Reviewer check: the comparison is against the stored 0.7.6 tarball at 95.5% similarity, so this finding establishes only that the file is new, not what it does. Diff the file lists of the two published tarballs to confirm it is the only added source file, then read it with the behavioral surface above in mind: child process, shell, network and environment-variable use in a newly added workflow executor is what decides whether this is routine or not.

Findings

3 Critical · 3 High · 5 Medium · 4 Low

Critical  Critical Secret                     dist/cli/setup.js
Critical  Secret Pattern                      dist/cli/setup.js
Critical  Secret Pattern                      dist/cli/setup.js
High      Sandbox Evasion Gated Capability    dist/cli/cli.js
High      Cloud Metadata Access               dist/sandbox/egress-firewall-config.js
High      Previous Version Dangerous Delta    dist/workflows/phase-executor.js
Medium    Dynamic Require                     skills/browser-qa/scripts/agent-browser.mjs
Medium    Network
Medium    Environment Vars
Medium    Ships Build Helper                  deploy/native/install.sh
Medium    Structural Risk Force Deep Review
Low       Scripts Present
Low       Filesystem
Low       High Entropy Strings
Low       Url Strings