registry  /  vegas-chat  /  2.0.8

vegas-chat@2.0.8

Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

AI CLI Agent — REPL with tools, multi-LLM support, auto-fix loop, cyberpunk TUI

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time attack surface. The package is an AI CLI agent with user-invoked shell, file, web, and LLM-provider tools.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs vegas CLI and grants prompts/tool calls during chat
Impact
Can execute commands and modify files during intended CLI use, but no unconsented package-install behavior was found
Mechanism
interactive AI agent tools
Rationale
Static inspection shows risky agent capabilities, but they are the advertised runtime functionality and are not triggered by install or import. The lifecycle scripts are benign version/check permission maintenance, with no credential harvesting, persistence, exfiltration, or AI-agent control-surface mutation found.
Evidence
package.jsondist/index.jsdist/repl.jsdist/tools/bash.jsdist/tools/write.jsdist/tools/edit.jsdist/provider/registry.jsdist/config.js~/.vegas/config.json~/.vegas/vegas.db~/.vegas/skills/*.md
Network endpoints12
api.openai.com/v1api.anthropic.com/v1/messagesgenerativelanguage.googleapis.com/v1betaopencode.ai/zen/v1google.serper.dev/searchapi.groq.com/openai/v1api.deepseek.com/v1openrouter.ai/api/v1api.together.xyz/v1api.x.ai/v1api.mistral.ai/v1localhost:20128/v1

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/tools/bash.js exposes an LLM-callable execSync shell tool at runtime.
  • dist/tools/write.js and dist/tools/edit.js can write arbitrary user-specified paths when invoked in chat.
  • dist/config.js stores API keys in ~/.vegas/config.json for the CLI's providers.
Evidence against
  • package.json preinstall only checks Node major version; postinstall only chmods dist/index.js.
  • dist/index.js only starts the interactive REPL; no import-time exfiltration or payload fetch found.
  • Network calls are package-aligned LLM/search providers in dist/provider/* and dist/tools/webSearch.js.
  • No lifecycle script writes AI-agent control files or alters project instructions.
  • Filesystem writes are CLI features, user/LLM-invoked after running the vegas binary.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 44 file(s), 169 KB of source, external domains: api.anthropic.com, api.deepseek.com, api.groq.com, api.mistral.ai, api.openai.com, api.together.xyz, api.x.ai, generativelanguage.googleapis.com, google.serper.dev, opencode.ai, openrouter.ai, serper.dev

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.preinstall = node -e "process.exit(process.version.slice(1).split('.')[0] < 18 ? 1 : 0)" || echo "vegas requires Node.js >= 18"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.preinstall = node -e "process.exit(process.version.slice(1).split('.')[0] < 18 ? 1 : 0)" || echo "vegas requires Node.js >= 18"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('fs').chmodSync('dist/index.js',0o755)}catch(e){}"
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 Critical1 High3 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings