registry  /  vigiles  /  12.2.0

vigiles@12.2.0

Lint & test the harness your AI agent runs on — verify the references in your CLAUDE.md / AGENTS.md and test that your hooks and skills actually work.

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Risky primitives are aligned with an AI-harness lint/test tool and require explicit CLI, CI action, or installed hook invocation.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes vigiles CLI/action or installs and triggers bundled agent hooks.
Impact
Project files/configs may be generated or updated as documented; no source-grounded exfiltration or persistence beyond requested harness wiring.
Mechanism
User-invoked harness generation, hook testing, and lint/eval orchestration
Rationale
Static inspection shows powerful but package-aligned functionality for compiling/testing agent harnesses, with no lifecycle execution, credential theft, or unconsented control-surface mutation. Scanner hits are explained by documented CLI/action/hook behavior that is user-invoked.
Evidence
package.jsondist/core/spec.jsdist/cli.jsdist/hook-install.jsdist/run-hook.jsdist/adapters/claude-code/skill-runtime.jshooks/pre-edit.shhooks/post-edit.shhooks/session-start.shaction.yml.codex/config.toml.vigiles/hooks/*.json.vigiles/generated.d.ts.vigiles/schema.json.vigiles/active-skill.json

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Ships AI-agent hooks/skills and CLI code that can write harness configs when user runs init/compile.
  • dist/run-hook.js can spawn shell commands for user-supplied hook tests; default behavior is user-invoked test/runtime functionality.
  • action.yml uses npx to run vigiles@version in GitHub Actions, package-aligned CI behavior.
Evidence against
  • package.json has no install/preinstall/postinstall/prepare lifecycle scripts.
  • Main export dist/core/spec.js only exposes spec builder functions; no import-time network, shell, or file mutation.
  • dist/cli.js writes generated specs, hooks, configs, and devDependency only in explicit CLI commands.
  • dist/hook-install.js preserves existing hooks and merges compiled vigiles hook entries by path.
  • hooks/*.sh run npx vigiles commands only when installed as agent hooks and triggered by project edits/session events.
  • No credential harvesting or hardcoded exfiltration endpoint found in inspected source.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 148 file(s), 1.32 MB of source, external domains: 127.0.0.1, code.claude.com, example.com, github.com, json-schema.org, vigiles.dev

Source & flagged code

5 flagged · loading source
dist/dialect-drift.jsView file
47const node_path_1 = require("node:path"); L48: const node_child_process_1 = require("node:child_process"); L49: /**
High
Child Process

Package source references child process execution.

dist/dialect-drift.jsView on unpkg · L47
dist/eval-baseline.jsView file
26*/ L27: const node_fs_1 = require("node:fs"); L28: const node_path_1 = require("node:path");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/eval-baseline.jsView on unpkg · L26
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = vigiles@12.1.0 matchedIdentity = npm:dmlnaWxlcw:12.1.0 similarity = 0.958 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/cli.jsView on unpkg
121const script = `import(${JSON.stringify(fullPath)}).then(m => { const d = m.default?.default ?? m.default; console.log(JSON.stringify(d)); })`; L122: const output = execSync(`npx tsx -e '${script.replace(/'/g, "'\\''")}'`, { L123: encoding: "utf-8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L121
hooks/post-edit.shView file
path = hooks/post-edit.sh kind = build_helper sizeBytes = 887 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/post-edit.shView on unpkg

Findings

1 Critical2 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/dialect-drift.js
HighRuntime Package Installdist/cli.js
MediumDynamic Requiredist/eval-baseline.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperhooks/post-edit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings