registry  /  takomi  /  2.1.40

takomi@2.1.40

🎯 Stop wrestling with AI. Start building with purpose. The artisan's toolkit for agent workflows, Codex skills, and original Takomi capabilities like 21st.dev integration.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed install-time malware, but the package carries an AI-agent settings payload with an embedded token and permissive auto-execution settings. Activation requires user-invoked setup or manual import of Takomi-Agents settings.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs takomi init/setup selecting Agent YAMLs or imports assets/Takomi-Agents/kilo-code-settings.json
Impact
Could install unsafe KiloCode agent settings and expose/use a bundled credential if imported by the target tool.
Mechanism
staged AI-agent configuration payload
Attack narrative
The dangerous artifact is not executed during npm install. It is bundled as KiloCode settings and can be copied into a project by Takomi's user-invoked agent YAML install path. If a user imports or activates it, the settings include a token and broad auto-approval for writes, command execution, MCP, and subtasks.
Rationale
Source inspection does not show unconsented install-time execution, exfiltration, persistence, or destructive behavior, but the bundled KiloCode configuration is a real staged unsafe AI-agent control payload with a credential. Treat as suspicious/warn rather than clean or publish-block malware.
Evidence
package.jsonsrc/postinstall.jsbin/takomi.jssrc/cli.jssrc/utils.jssrc/pi-installer.jssrc/skills-installer.jsassets/Takomi-Agents/kilo-code-settings.jsonplugins/takomi-flow/scripts/lib/flow-media.mjsplugins/takomi-codex/scripts/takomi-pi-dispatch.ps1plugins/takomi-codex/scripts/takomi-policy.ps1plugins/takomi-codex/scripts/takomi-harness.ps1Takomi-Agents/*.agent/*.pi/*~/.takomi/*~/.agents/skills/*~/.pi/agent/*
Network endpoints4
raw.githubusercontent.com/J-StaR-Films-Studios/VibeCode-Protocol-Suite/mainapi.github.com/repos/J-StaR-Films-Studios/VibeCode-Protocol-Suite/contentslabs.google127.0.0.1:9222

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • assets/Takomi-Agents/kilo-code-settings.json contains a KiloCode JWT-like token value.
  • Same settings file enables autoApprovalEnabled, yoloMode, alwaysAllowWrite, alwaysAllowExecute, alwaysAllowMcp.
  • src/utils.js copyAgentYamls copies all assets/Takomi-Agents into a project when selected.
  • src/cli.js init can install Takomi-Agents via the user-selected yamls component.
  • PowerShell helpers can dispatch takomi/pi commands, but require -Execute.
Evidence against
  • package.json postinstall only prints guidance and exits in CI or TAKOMI_SUPPRESS_POSTINSTALL.
  • bin/takomi.js only imports src/cli.js; no install-time payload beyond postinstall guidance.
  • No credential harvesting or exfiltration logic found in inspected JS/PS1 files.
  • flow-media.mjs only parses/clicks Google Flow media URLs in a browser automation feature.
  • Pi asset copier explicitly excludes .pi/settings.json and takomi-profile.json from default bundled Pi copy.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 60 file(s), 386 KB of source, external domains: 127.0.0.1, api.github.com, github.com, labs.google, raw.githubusercontent.com, registry.npmjs.org

Source & flagged code

7 flagged · loading source
package.jsonView file
•scripts.postinstall = node src/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
•scripts.postinstall = node src/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
assets/Takomi-Agents/kilo-code-settings.jsonView file
1patternName = supabase_service_key severity = critical line = 1 matchedText = {"provid...l"}}
Critical
Critical Secret

Package contains a critical-looking secret pattern.

assets/Takomi-Agents/kilo-code-settings.jsonView on unpkg · L1
1patternName = supabase_service_key severity = critical line = 1 matchedText = {"provid...l"}}
Critical
Secret Pattern

Supabase service role key (JWT) in assets/Takomi-Agents/kilo-code-settings.json

assets/Takomi-Agents/kilo-code-settings.jsonView on unpkg · L1
plugins/takomi-codex/scripts/takomi-pi-dispatch.ps1View file
•path = plugins/takomi-codex/scripts/takomi-pi-dispatch.ps1 kind = build_helper sizeBytes = 2668 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

plugins/takomi-codex/scripts/takomi-pi-dispatch.ps1View on unpkg
assets/.agent/skills/ui-ux-pro-max/scripts/design_system.pyView file
•path = assets/.agent/skills/ui-ux-pro-max/scripts/design_system.py kind = payload_in_excluded_dir sizeBytes = 44681 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

assets/.agent/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkg
plugins/takomi-flow/scripts/lib/flow-media.mjsView file
•matchType = previous_version_dangerous_delta matchedPackage = takomi@2.1.39 matchedIdentity = npm:dGFrb21p:2.1.39 similarity = 0.793 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

plugins/takomi-flow/scripts/lib/flow-media.mjsView on unpkg

Findings

3 Critical2 High5 Medium4 Low
CriticalCritical Secretassets/Takomi-Agents/kilo-code-settings.json
CriticalPrevious Version Dangerous Deltaplugins/takomi-flow/scripts/lib/flow-media.mjs
CriticalSecret Patternassets/Takomi-Agents/kilo-code-settings.json
HighInstall Time Lifecycle Scriptspackage.json
HighPayload In Excluded Dirassets/.agent/skills/ui-ux-pro-max/scripts/design_system.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperplugins/takomi-codex/scripts/takomi-pi-dispatch.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings