ast-deobfuscation

This module is a local pipeline orchestrator that reads an input JS file, detects patterns to select a pipeline, and then executes multiple Node.js step scripts via spawnSync. In this fragment, there is no direct evidence of data theft, network exfiltration, or obfuscated malicious behavior; however, it creates a strong arbitrary code execution surface because the executed script paths (step.scriptPath) are dynamically determined by pipeline configuration and indirectly influenced by untrusted input. It also passes the full process environment to child steps and writes intermediate/final artifacts and child output/error text into attacker-influenced outputDir locations. The overall security risk is therefore moderate and largely depends on the trustworthiness and immutability of pipeline-config and the referenced step scripts.

整体判断为 SUSPICIOUS：目的与能力基本一致，且未见凭证请求、外部数据回传或可疑安装链；但该技能明确赋予 AI 代理反混淆/对抗分析能力，属于高风险安全工具类别，即使当前文本未显示恶意数据流。