registry  /  leash-secrets  /  1.2.1

leash-secrets@1.2.1

Keep your secrets on a leash — AI agent skill that catches exposed API keys, tokens, and credentials before they hit your codebase

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious npm attack surface. The package provides a local secret scanner and optional user-run installers for agent rules/hooks.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes CLI/API scan or explicitly runs scripts/install.sh or scripts/install.ps1
Impact
May read target files during scans and may write agent rule/hook files only through explicit installer commands; no install-time mutation or exfiltration found.
Mechanism
Local secret-pattern scanning plus optional agent rule/pre-commit setup
Rationale
Static inspection shows a package-aligned secret scanner with explicit user-command setup for agent rules and git hooks, but no npm lifecycle install mutation, credential harvesting beyond user-requested local scanning, exfiltration, or remote payload execution. The scanner hint on patterns/crypto.json is a false positive caused by detection regex strings for private-key headers.
Evidence
package.jsonbin/leash-secrets.jssrc/loader.jssrc/scanner.jssrc/reporter.jsscripts/install.shscripts/install.ps1AGENTS.mdskills/leash-secrets.mdpatterns/crypto.jsonhooks/pre-commit.shhooks/hooks.json$HOME/.cursor/rules/leash-secrets.mdc$HOME/.claude/skills/leash-secrets.md$HOME/.codex/AGENTS.md.github/copilot-instructions.md.windsurf/rules/leash-secrets.md.clinerules/leash-secrets.md.git/hooks/pre-commit-leash-secrets.git/hooks/pre-commit
Network endpoints2
raw.githubusercontent.com/FasterApiWeb/leash-secrets/maingithub.com/FasterApiWeb/leash-secrets

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Installer writes agent config/rule files when explicitly run, including $HOME/.codex/AGENTS.md and .cursor/.claude paths.
Evidence against
  • No npm preinstall/install/postinstall; package.json only has prepublishOnly for publisher-side tests.
  • CLI and API perform local filesystem scanning/reporting and redact matches; no exfiltration code seen.
  • patterns/crypto.json contains regex signatures, not embedded private keys.
  • Network URLs are documentation/installer fetches from the package GitHub repo, not import-time or install-time callbacks.
  • Agent instructions are package-aligned secret-detection guidance, not prompt hijack for data theft or remote execution.
Behavioral surface
Source
ChildProcessFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 24.3 KB of source

Source & flagged code

8 flagged · loading source
patterns/crypto.jsonView file
9patternName = private_key_rsa severity = critical line = 9 matchedText = "regex":...--",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

patterns/crypto.jsonView on unpkg · L9
9patternName = private_key_rsa severity = critical line = 9 matchedText = "regex":...--",
Critical
Secret Pattern

RSA private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L9
18patternName = private_key_openssh severity = critical line = 18 matchedText = "regex":...--",
Critical
Secret Pattern

OpenSSH private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L18
27patternName = private_key_ec severity = critical line = 27 matchedText = "regex":...--",
Critical
Secret Pattern

EC private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L27
54patternName = private_key_rsa severity = critical line = 54 matchedText = "regex":...--",
Critical
Secret Pattern

RSA private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L54
hooks/pre-commit.shView file
path = hooks/pre-commit.sh kind = build_helper sizeBytes = 4548 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/pre-commit.shView on unpkg
patterns/aws.jsonView file
14patternName = aws_access_key severity = critical line = 14 matchedText = "false_p...LE"]
Critical
Secret Pattern

AWS access key ID in patterns/aws.json

patterns/aws.jsonView on unpkg · L14
README.mdView file
123patternName = private_key_openssh severity = critical line = 123 matchedText = Value: ...----
Critical
Secret Pattern

OpenSSH private key in README.md

README.mdView on unpkg · L123

Findings

7 Critical1 Medium3 Low
CriticalCritical Secretpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/aws.json
CriticalSecret PatternREADME.md
MediumShips Build Helperhooks/pre-commit.sh
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem