Low Risk — Risk Score 15/100
Last scan: 2 days ago
mia-trust
MIA-Trust Pipeline - Memory-Intelligent Assistant Trust Guard + Memory Evolution
MIA-Trust is a legitimate security guard pipeline that performs prompt injection detection, plan evaluation, and memory management. The skill has minor documentation gaps (undeclared execSync usage), but no malicious behavior was detected.
Skill Name: mia-trust
Duration: 40.7s
Engine: pi
Safe to install
Add explicit documentation of execSync child process spawning and API key environment variable usage in SKILL.md. No blocking actions needed.

Findings (3 items)

Severity: Low
Finding: Undeclared child process execution
Details: run.mjs uses execSync to spawn child Node processes for the trust and planner modules, but this is not declared in SKILL.md
Evidence: execSync(`node ${join(__dirname, 'trust/mia-trust.mjs')} guard_blocked...`
Recommendation: Document execSync usage in the SKILL.md capabilities section, or refactor to use native module imports
Location: run.mjs:42

Severity: Info
Finding: API key environment variable access
Details: Multiple environment variables for API keys (MIA_PLANNER_API_KEY, MIA_TRUST_API_KEY) are read but not declared
Evidence: MIA_PLANNER_API_KEY: process.env.MIA_PLANNER_API_KEY || ''
Recommendation: Add environment variable access to the capability documentation
Location: run.mjs, trust/mia-trust.mjs:28

Severity: Info
Finding: Query injection in execSync (mitigated)
Details: User input is passed to execSync with basic quote escaping, which is a potential injection vector
Evidence: QUESTION.replace(/"/g, '\"')
Recommendation: Current escaping is minimal but functional for basic protection. Consider more robust input validation.
Location: run.mjs:45
Resource     Declared  Inferred  Status       Evidence
Shell        NONE      WRITE     ✗ Violation  run.mjs:42 - execSync spawns child node processes
Network      NONE      READ      ✓ Aligned    planner/mia-planner.mjs:65, trust/mia-trust.mjs - API calls to external endpoint…
Filesystem   NONE      WRITE     ✓ Aligned    memory/mia-memory.mjs:appendFileSync, trust/mia-trust.mjs - writes to memory.jso…
Environment  NONE      READ      ✗ Violation  run.mjs:28-36, trust/mia-trust.mjs:10-14 - reads API keys from process.env
External URLs (3 findings)

Severity  Finding       URL                                            Location
Medium    External URL  https://your-api-endpoint/v1/chat/completions  PIPELINE.md:134
Medium    External URL  https://paypal.me/jimmywarting                 package-lock.json:35
Medium    External URL  https://opencollective.com/node-fetch          package-lock.json:94

File Tree

11 files · 211.5 KB · 3056 lines
JavaScript: 6 files · 2064 lines; JSON: 3 files · 716 lines; Markdown: 2 files · 276 lines
├─ 📁 feedback
│ └─ 📜 mia-feedback.mjs JavaScript 95L · 2.4 KB
├─ 📁 memory
│ └─ 📜 mia-memory.mjs JavaScript 426L · 12.4 KB
├─ 📁 planner
│ └─ 📜 mia-planner.mjs JavaScript 191L · 6.0 KB
├─ 📁 trust
│ ├─ 📜 mia-trust.mjs JavaScript 1190L · 47.8 KB
│ └─ 📋 trust_experience.json JSON 579L · 128.2 KB
├─ 📜 _sync_trust_exp.mjs JavaScript 5L · 266 B
├─ 📋 package-lock.json JSON 107L · 3.3 KB
├─ 📋 package.json JSON 30L · 691 B
├─ 📝 PIPELINE.md Markdown 157L · 3.5 KB
├─ 📜 run.mjs JavaScript 157L · 4.2 KB
└─ 📝 SKILL.md Markdown 119L · 2.6 KB

Dependencies (1 item)

Package     Version  Source  Known Vulns  Notes
node-fetch  ^3.3.2   npm     No           Modern fetch implementation, no known vulnerabilities

Security Positives

✓ Purpose is clearly legitimate: prompt injection detection and plan security evaluation
✓ Implements multi-layer security: regex scanning + LLM deep analysis + historical experience
✓ Uses constitutional principles for safety evaluation (Authenticity, Safety, Privacy, Robustness, Fairness)
✓ Memory storage is for legitimate experience tracking, not credential harvesting
✓ No base64 decoding, direct IP connections, or C2 communication patterns
✓ API calls are to user-configured endpoints only (no hardcoded exfiltration URLs)
✓ Includes anti-bypass patterns for common prompt injection techniques
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files outside normal config