registry  /  leash-secrets  /  1.3.0

leash-secrets@1.3.0

Keep your secrets on a leash — AI agent skill that catches exposed API keys, tokens, and credentials before they hit your codebase

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User manually runs `scripts/install.sh` or `scripts/install.ps1`.
Impact
Can alter local agent behavior and commit-time scanning after user invocation; remote branch changes affect fetched content.
Mechanism
Explicit AI-agent configuration and Git-hook installation with remote content fetch.
Rationale
Source behavior is package-aligned secret scanning, but the optional installer has real, broad agent-control mutation and mutable remote-content risk. This warrants a warning rather than a block.
Evidence
package.jsonsrc/scanner.jsbin/leash-secrets.jsscripts/install.shscripts/install.ps1hooks/pre-commit.shpatterns/crypto.jsonAGENTS.md.cursor/rules/leash-secrets.mdc.github/copilot-instructions.mdskills/leash-secrets.md
Network endpoints2
raw.githubusercontent.com/FasterApiWeb/leash-secrets/maingithub.com/FasterApiWeb/leash-secrets

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `scripts/install.sh` explicitly writes AI-agent rules and a Git pre-commit hook.
  • `scripts/install.sh` downloads mutable `main` branch content before writing those files.
  • `scripts/install.ps1` explicitly writes Cursor, Claude, and Copilot instruction files.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; only `prepublishOnly` runs tests.
  • `src/scanner.js` only reads user-selected files and matches local JSON regex patterns.
  • `bin/leash-secrets.js` exposes explicit scan/report/validate commands with no network client.
  • No credential exfiltration, remote code execution, eval, or hidden import-time mutation found.
  • `patterns/crypto.json` contains detection regexes, not a private key or credential.
Behavioral surface
Source
ChildProcessFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 24.5 KB of source

Source & flagged code

8 flagged · loading source
patterns/crypto.jsonView file
9patternName = private_key_rsa severity = critical line = 9 matchedText = "regex":...--",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

patterns/crypto.jsonView on unpkg · L9
9patternName = private_key_rsa severity = critical line = 9 matchedText = "regex":...--",
Critical
Secret Pattern

RSA private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L9
18patternName = private_key_openssh severity = critical line = 18 matchedText = "regex":...--",
Critical
Secret Pattern

OpenSSH private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L18
27patternName = private_key_ec severity = critical line = 27 matchedText = "regex":...--",
Critical
Secret Pattern

EC private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L27
54patternName = private_key_rsa severity = critical line = 54 matchedText = "regex":...--",
Critical
Secret Pattern

RSA private key in patterns/crypto.json

patterns/crypto.jsonView on unpkg · L54
hooks/pre-commit.shView file
path = hooks/pre-commit.sh kind = build_helper sizeBytes = 4548 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/pre-commit.shView on unpkg
patterns/aws.jsonView file
14patternName = aws_access_key severity = critical line = 14 matchedText = "false_p...LE"]
Critical
Secret Pattern

AWS access key ID in patterns/aws.json

patterns/aws.jsonView on unpkg · L14
README.mdView file
123patternName = private_key_openssh severity = critical line = 123 matchedText = Value: ...----
Critical
Secret Pattern

OpenSSH private key in README.md

README.mdView on unpkg · L123

Findings

7 Critical1 Medium3 Low
CriticalCritical Secretpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/crypto.json
CriticalSecret Patternpatterns/aws.json
CriticalSecret PatternREADME.md
MediumShips Build Helperhooks/pre-commit.sh
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem