registry  /  thumbgate  /  1.27.20

thumbgate@1.27.20

⚠ Under review

ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 19 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 223 file(s), 3.36 MB of source, external domains: 127.0.0.1, aistudio.google.com, api.github.com, api.oraclestechnologies.com, api.perplexity.ai, api.resend.com, api.z.ai, arxiv.org, buy.stripe.com, chatgpt.com, generativelanguage.googleapis.com, github.com, help.openai.com, huggingface.co, openai.com, plausible.io, schema.org, searchengineland.com, thumbgate-production.up.railway.app, thumbgate.ai, thumbgate.invalid, volta.sh, www.googletagmanager.com, www.sitemaps.org, x.com

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/postinstall.js || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node bin/postinstall.js || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/cli.jsView file
36const http = require('http'); L37: const { execSync, execFileSync, execFile, spawn } = require('child_process'); L38: const {
High
Child Process

Package source references child process execution.

bin/cli.jsView on unpkg · L36
35Cross-file remote execution chain: bin/cli.js spawns src/api/server.js; helper contains network access plus dynamic code execution. L35: const crypto = require('crypto'); L36: const http = require('http'); L37: const { execSync, execFileSync, execFile, spawn } = require('child_process'); L38: const { ... L44: resolveMcpEntry, L45: } = require(path.join(__dirname, '..', 'scripts', 'mcp-config')); L46: const { trackEvent } = require(path.join(__dirname, '..', 'scripts', 'cli-telemetry')); ... L125: function upgradeNudge() { L126: if (process.env.THUMBGATE_NO_NUDGE === '1') return; L127: try { ... L132: const diagnosticUrl = diagnosticUrlFor('cli_upgrade_nudge', COMMAND || 'general'); L133: process.stderr.write(
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

bin/cli.jsView on unpkg · L35
scripts/security-scanner.jsView file
66fileTypes: ['.js', '.ts', '.mjs', '.cjs'], L67: remediation: 'Use JSON.parse() or a safe parser library instead of eval() or dynamic Function constructors.', L68: },
High
Eval

Package source references dynamic code evaluation.

scripts/security-scanner.jsView on unpkg · L66
bin/postinstall.jsView file
18TEAM_PRICE_LABEL, L19: } = require('../scripts/commercial-offer'); L20:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/postinstall.jsView on unpkg · L18
scripts/internal-agent-bootstrap.jsView file
7const crypto = require('crypto'); L8: const { execFileSync } = require('child_process'); L9: ... L21: function loadIntentRouterModule() { L22: const modulePath = path.resolve(__dirname, 'intent-router.js'); L23: if (!fs.existsSync(modulePath)) return null; ... L139: title: normalizeText(input.task && input.task.title) || thread.title || null, L140: body: normalizeText(input.task && input.task.body) || null, L141: number: normalizeText(input.task && input.task.number) || null, ... L149: const prepareSandbox = input.prepareSandbox !== false && Boolean(repoPath); L150: const sandboxRoot = path.resolve(input.sandboxRoot || process.env.THUMBGATE_AGENT_SANDBOX_ROOT || DEFAULT_SANDBOX_ROOT); L151:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

scripts/internal-agent-bootstrap.jsView on unpkg · L7
src/api/server.jsView file
1#!/usr/bin/env node L2: const http = require('http'); L3: const https = require('https'); ... L7: const { EventEmitter } = require('node:events'); L8: const pkg = require('../../package.json'); L9: const { ... L69: readRecentConversationWindow, L70: } = loadOptionalModule(path.join(__dirname, '../../scripts/feedback-history-distiller'), () => ({ L71: readRecentConversationWindow: () => [], ... L360: res.setHeader('Content-Type', 'application/json; charset=utf-8'); L361: res.end(JSON.stringify({ error: 'Not found' })); L362: return;
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

src/api/server.jsView on unpkg · L1
scripts/statusline.shView file
path = scripts/statusline.sh kind = build_helper sizeBytes = 9792 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/statusline.shView on unpkg

Findings

1 Critical5 High6 Medium7 Low
CriticalCredential Exfiltrationsrc/api/server.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/cli.js
HighShell
HighEvalscripts/security-scanner.js
HighCross File Remote Execution Contextbin/cli.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/postinstall.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/statusline.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptoscripts/internal-agent-bootstrap.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings