registry  /  vigiles  /  12.1.0

vigiles@12.1.0

Lint & test the harness your AI agent runs on — verify the references in your CLAUDE.md / AGENTS.md and test that your hooks and skills actually work.

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is an AI-harness lint/test CLI that can modify project config and agent hook files only through explicit vigiles commands or plugin installation flows.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs vigiles CLI commands such as init, compile, hook install, test, eval, or installs the optional Claude/Codex plugin hooks.
Impact
Project files and harness configs may be updated as documented; no unconsented npm install-time execution or exfiltration was found.
Mechanism
User-invoked harness setup, spec compilation, hook wiring, lint/test execution, and local mock servers.
Rationale
Static source inspection shows powerful CLI and agent-hook capabilities, but they are explicit, package-aligned functions for managing and testing AI harness instructions rather than hidden lifecycle behavior. Scanner hits for child_process, runtime install, network, and AI-agent control surfaces map to user-invoked setup/test/eval paths and transparent plugin hooks, not concrete malicious behavior.
Evidence
package.jsondist/cli.jsdist/setup-plan.jsdist/hook-install.jsdist/core/spec.jshooks/pre-edit.shhooks/post-edit.shhooks/refs-nudge.shhooks/eval-lock-nudge.shhooks/session-start.sh.claude-plugin/plugin.jsonaction.yml.vigiles/generated.d.ts.vigiles/schema.json.vigiles/hooks/*.json.codex/config.toml.claude/settings.jsonCLAUDE.mdAGENTS.mdSKILL.md
Network endpoints5
github.com/zernie/vigilesgithub.com/zernie/vigiles/issues127.0.0.1:<dynamic>localhost:<dynamic>example.com/

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/cli.js can write project instruction files, .vigiles files, package.json, .codex/config.toml, and hook settings when user runs CLI commands.
  • dist/setup-plan.js plans user-invoked global Claude plugin install commands and Codex hook wiring.
  • hooks/*.sh run npx vigiles commands when installed as agent hooks.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • dist/core/spec.js main export is builder functions only; no import-time network, shell, or file mutation observed.
  • CLI mutations are command-driven setup/compile/lint/test behavior aligned with an AI-harness lint/test tool.
  • Network references are localhost mock/audit servers, GitHub metadata, example test URLs, and user-invoked npx/claude/gh commands; no credential exfiltration endpoint found.
  • Shell/child_process usage is for linters, harness tests, local Claude/Codex drivers, MCP verification, and explicit setup actions.
  • Shipped .claude-plugin/hooks are transparent lint/compile nudges, not lifecycle-installed automatically by npm.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 148 file(s), 1.32 MB of source, external domains: 127.0.0.1, code.claude.com, example.com, github.com, json-schema.org, vigiles.dev

Source & flagged code

5 flagged · loading source
dist/dialect-drift.jsView file
47const node_path_1 = require("node:path"); L48: const node_child_process_1 = require("node:child_process"); L49: /**
High
Child Process

Package source references child process execution.

dist/dialect-drift.jsView on unpkg · L47
dist/eval-baseline.jsView file
26*/ L27: const node_fs_1 = require("node:fs"); L28: const node_path_1 = require("node:path");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/eval-baseline.jsView on unpkg · L26
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = vigiles@12.0.0 matchedIdentity = npm:dmlnaWxlcw:12.0.0 similarity = 0.933 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/cli.jsView on unpkg
122const script = `import(${JSON.stringify(fullPath)}).then(m => { const d = m.default?.default ?? m.default; console.log(JSON.stringify(d)); })`; L123: const output = execSync(`npx tsx -e '${script.replace(/'/g, "'\\''")}'`, { L124: encoding: "utf-8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L122
hooks/post-edit.shView file
path = hooks/post-edit.sh kind = build_helper sizeBytes = 887 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/post-edit.shView on unpkg

Findings

1 Critical2 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/dialect-drift.js
HighRuntime Package Installdist/cli.js
MediumDynamic Requiredist/eval-baseline.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperhooks/post-edit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings