AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious npm attack surface. The package provides a local secret scanner and optional user-run installers for agent rules/hooks.
Static reason
One or more suspicious static signals were detected.
Trigger
User invokes CLI/API scan or explicitly runs scripts/install.sh or scripts/install.ps1
Impact
May read target files during scans and may write agent rule/hook files only through explicit installer commands; no install-time mutation or exfiltration found.
Mechanism
Local secret-pattern scanning plus optional agent rule/pre-commit setup
Rationale
Static inspection shows a package-aligned secret scanner with explicit user-command setup for agent rules and git hooks, but no npm lifecycle install mutation, credential harvesting beyond user-requested local scanning, exfiltration, or remote payload execution. The scanner hint on patterns/crypto.json is a false positive caused by detection regex strings for private-key headers.
Evidence
package.jsonbin/leash-secrets.jssrc/loader.jssrc/scanner.jssrc/reporter.jsscripts/install.shscripts/install.ps1AGENTS.mdskills/leash-secrets.mdpatterns/crypto.jsonhooks/pre-commit.shhooks/hooks.json$HOME/.cursor/rules/leash-secrets.mdc$HOME/.claude/skills/leash-secrets.md$HOME/.codex/AGENTS.md.github/copilot-instructions.md.windsurf/rules/leash-secrets.md.clinerules/leash-secrets.md.git/hooks/pre-commit-leash-secrets.git/hooks/pre-commit
Network endpoints2
raw.githubusercontent.com/FasterApiWeb/leash-secrets/maingithub.com/FasterApiWeb/leash-secrets
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- Installer writes agent config/rule files when explicitly run, including $HOME/.codex/AGENTS.md and .cursor/.claude paths.
Evidence against
- No npm preinstall/install/postinstall; package.json only has prepublishOnly for publisher-side tests.
- CLI and API perform local filesystem scanning/reporting and redact matches; no exfiltration code seen.
- patterns/crypto.json contains regex signatures, not embedded private keys.
- Network URLs are documentation/installer fetches from the package GitHub repo, not import-time or install-time callbacks.
- Agent instructions are package-aligned secret-detection guidance, not prompt hijack for data theft or remote execution.
Behavioral surface
ChildProcessFilesystem
Source & flagged code
8 flagged · loading sourcepatterns/crypto.jsonView file
9patternName = private_key_rsa
severity = critical
line = 9
matchedText = "regex":...--",
Critical
Critical Secret
Package contains a critical-looking secret pattern.
patterns/crypto.jsonView on unpkg · L99patternName = private_key_rsa
severity = critical
line = 9
matchedText = "regex":...--",
Critical
18patternName = private_key_openssh
severity = critical
line = 18
matchedText = "regex":...--",
Critical
27patternName = private_key_ec
severity = critical
line = 27
matchedText = "regex":...--",
Critical
54patternName = private_key_rsa
severity = critical
line = 54
matchedText = "regex":...--",
Critical
hooks/pre-commit.shView file
•path = hooks/pre-commit.sh
kind = build_helper
sizeBytes = 4548
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
hooks/pre-commit.shView on unpkgpatterns/aws.jsonView file
14patternName = aws_access_key
severity = critical
line = 14
matchedText = "false_p...LE"]
Critical
README.mdView file
123patternName = private_key_openssh
severity = critical
line = 123
matchedText = Value: ...----
Critical
Findings
7 Critical1 Medium3 Low
CriticalCritical Secretpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/aws.json
CriticalSecret PatternREADME.md
MediumShips Build Helperhooks/pre-commit.sh
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem