yp
Audited by Socket on Jul 13, 2026
3 alerts found:
Anomalyx3SUSPICIOUS: overall purpose and capabilities mostly align, and the declared package install path appears proportionate for a developer CLI. Main concerns are transitive skill installation, credential forwarding through the external `yp` CLI to AI providers, and broad real-world write actions (git push, PR/work-item mutation, deletion) that exceed a read-only helper profile. No clear evidence of credential theft, hidden exfiltration, or fundamentally incompatible behavior was provided.
No clear malicious/backdoor behavior is evident in this code fragment; it behaves like a legitimate AI API client with local config/model caching. However, there are meaningful security hygiene and configuration risks: (1) Gemini API keys are included in the URL query string, increasing leakage likelihood, and (2) baseUrl/customBaseUrl are used without strict allowlisting, so tampering with ~/.yitpush/config.json or providing a malicious customBaseUrl could redirect requests to attacker-controlled endpoints while credentials are attached (credential exfiltration risk).
No explicit malicious/stealth behavior is evident in this fragment. However, it performs a high-impact supply-chain operation: it uses `npx` to non-interactively install a third-party package by name without visible version/integrity pinning. This creates a meaningful risk that upstream package changes or compromise could lead to arbitrary code execution during installation. Additional assessment requires reviewing the implementations of `RunCommandCapture`/`RunCommandPassthrough` and any package/skills security controls elsewhere in the project.