registry  /  vigiles  /  12.3.0

vigiles@12.3.0

Lint & test the harness your AI agent runs on — verify the references in your CLAUDE.md / AGENTS.md and test that your hooks and skills actually work.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package does expose first-party AI-agent hook/plugin setup that can modify Claude/Codex hook configs when explicitly invoked.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs vigiles init/setup/compile/plugin or installs the Claude plugin explicitly
Impact
Agent hooks may run local vigiles commands during agent sessions; no unconsented install-time mutation or exfiltration found
Mechanism
first-party agent hook and harness configuration setup
Rationale
vigiles@12.3.0 is an AI harness testing/linting package whose suspicious primitives are aligned with its stated purpose and are user-invoked. Because it ships and can wire first-party agent hooks, downgrade to warn rather than block.
Evidence
package.jsondist/cli.jsdist/setup-plan.jsdist/hook-install.js.claude-plugin/plugin.jsonhooks/post-edit.shhooks/pre-edit.shhooks/session-start.shdist/eval.jsdist/dialect-drift.js.codex/config.toml.claude/settings.json.vigiles/hooks/*.jsonvigiles-report.jsonvigiles-report.html
Network endpoints3
github.com/zernie/vigilesgithub.com/zernie/vigiles/issues127.0.0.1

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • .claude-plugin/plugin.json registers first-party Claude hooks that run package scripts from hooks/*.sh
  • dist/cli.js wireCodexHooks writes .codex/config.toml with npx vigiles hook-runtime commands during explicit plugin init
  • dist/cli.js installHookFile can merge compiled user-authored hooks into .claude/settings.json or .codex/config.toml
  • dist/eval.js and harness code spawn local claude/codex processes for explicit eval/test features
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts
  • package main dist/core/spec.js is builder/helper exports, not import-time attack code
  • Hook and config mutation paths are CLI/user-invoked, not automatic npm install behavior
  • Network references are package-aligned testing/sandbox/model endpoints; no credential exfiltration endpoint found
  • Shell hooks run local npx vigiles lint/compile/generate tasks and do not harvest secrets
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 148 file(s), 1.33 MB of source, external domains: 127.0.0.1, code.claude.com, example.com, github.com, json-schema.org, vigiles.dev

Source & flagged code

6 flagged · loading source
dist/dialect-drift.jsView file
47const node_path_1 = require("node:path"); L48: const node_child_process_1 = require("node:child_process"); L49: /**
High
Child Process

Package source references child process execution.

dist/dialect-drift.jsView on unpkg · L47
dist/cli.jsView file
121const script = `import(${JSON.stringify(fullPath)}).then(m => { const d = m.default?.default ?? m.default; console.log(JSON.stringify(d)); })`; L122: const output = execSync(`npx tsx -e '${script.replace(/'/g, "'\\''")}'`, { L123: encoding: "utf-8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L121
3598"runs the real model on your subscription. Refusing to fire them all non-interactively.\n" + L3599: " → name the eval(s): vigiles eval path/to/x.eval.mjs\n" + L3600: " → or opt in to all: vigiles eval --all");
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/cli.jsView on unpkg · L3598
dist/eval-baseline.jsView file
26*/ L27: const node_fs_1 = require("node:fs"); L28: const node_path_1 = require("node:path");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/eval-baseline.jsView on unpkg · L26
hooks/post-edit.shView file
path = hooks/post-edit.sh kind = build_helper sizeBytes = 887 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

hooks/post-edit.shView on unpkg
dist/eval.jsView file
matchType = previous_version_dangerous_delta matchedPackage = vigiles@12.2.0 matchedIdentity = npm:dmlnaWxlcw:12.2.0 similarity = 0.983 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/eval.jsView on unpkg

Findings

1 Critical2 High5 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/eval.js
HighChild Processdist/dialect-drift.js
HighRuntime Package Installdist/cli.js
MediumDynamic Requiredist/eval-baseline.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperhooks/post-edit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/cli.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings