@tryghost/ghst
Unknown developer
Threat Summary
Key Security Threats
YARA rule match: -credential_env_files
/tmp/extract-b4ea3e51dfec7ae9766473546f4b82022847ec8902abd578de3b7e64fdec7a01-3376962494/dist/index.js.map
YARA rule match: -postinstall_persistence_mechanism
/tmp/extract-b4ea3e51dfec7ae9766473546f4b82022847ec8902abd578de3b7e64fdec7a01-3376962494/dist/index.js.map
YARA rule match: -postinstall_crypto_operations
/tmp/extract-b4ea3e51dfec7ae9766473546f4b82022847ec8902abd578de3b7e64fdec7a01-3376962494/dist/index.js.map
YARA rule match: -postinstall_obfuscation
/tmp/extract-b4ea3e51dfec7ae9766473546f4b82022847ec8902abd578de3b7e64fdec7a01-3376962494/dist/index.js.map
YARA rule match: -UsingShellInterpreterWhenExecutingOSCommands
/tmp/extract-b4ea3e51dfec7ae9766473546f4b82022847ec8902abd578de3b7e64fdec7a01-3376962494/dist/index.js.map
All Findings (281)
View all 281 security findings
YARA rule match: -credential_env_files
YARA rule match: -postinstall_persistence_mechanism
YARA rule match: -postinstall_crypto_operations
YARA rule match: -postinstall_obfuscation
YARA rule match: -UsingShellInterpreterWhenExecutingOSCommands
YARA rule match: -NoDisableSanitizeHtml
YARA rule match: -postinstall_file_manipulation
YARA rule match: -postinstall_network_communication
YARA rule match: -postinstall_file_download
YARA rule match: -postinstall_system_command
MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-9634
YARA rule match: -credential_env_files
YARA rule match: -postinstall_system_command
YARA rule match: -postinstall_persistence_mechanism
YARA rule match: -postinstall_crypto_operations
YARA rule match: -postinstall_obfuscation
YARA rule match: -UsingCommandLineArguments
YARA rule match: -UsingShellInterpreterWhenExecutingOSCommands
YARA rule match: -NoDisableSanitizeHtml
YARA rule match: -postinstall_file_manipulation
YARA rule match: -postinstall_network_communication
YARA rule match: -postinstall_file_download
YARA rule match: -postinstall_network_communication
MCP tool poisoning risk: CREDENTIAL-ACCESS-dist/index.js-8781
MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-9204
YARA rule match: -credential_env_files
YARA rule match: -postinstall_file_manipulation
YARA rule match: -postinstall_network_communication
YARA rule match: -postinstall_file_download
YARA rule match: -postinstall_system_command
MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-9480
MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-1127
YARA rule match: -postinstall_file_manipulation
MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-1159
MCP tool poisoning risk: FILESYSTEM-ACCESS-dist/index.js-12244
Network call of type 'fetch' detected.
Network call of type 'fetch' detected.
Network call of type 'fetch' detected.
XIOC detected Domain: params.next
Network call of type 'fetch' detected.
XIOC detected URL: https://app.example.com
XIOC detected URL: https://ghost.org/trademark/)
XIOC detected URL: https://example.com).
XIOC detected URL: https://.
XIOC detected URL: https://example.com):
XIOC detected URL: https://app.example.com.
XIOC detected URL: https://example.com).',
XIOC detected Domain: z.email
XIOC detected Domain: fs.watch
XIOC detected Domain: github.com
XIOC detected URL: https://myblog.ghost.io
XIOC detected URL: https://hooks.example.com/ghost
XIOC detected URL: https://example.com/.ghost/activitypub/note/1
XIOC detected URL: https://example.com/users/alice/statuses/1
XIOC detected Domain: options.events
XIOC detected Domain: parsed.data.events
XIOC detected Domain: parsed.data.host
XIOC detected Domain: event.host
XIOC detected Domain: event.id
XIOC detected Domain: program.name
XIOC detected Domain: index.js.map
XIOC detected Domain: options.zip
XIOC detected Domain: parsed.data.zip
XIOC detected Domain: parsed.data.watch
XIOC detected Domain: date.now
XIOC detected Domain: first.id
XIOC detected Domain: hook.id
XIOC detected Domain: request.off
XIOC detected Domain: rangedata.to
XIOC detected Domain: options.to
XIOC detected Domain: payload.items.map
XIOC detected Domain: parsed2.data
XIOC detected Domain: options.post
XIOC detected Domain: options.watch
XIOC detected Domain: fs14.watch
XIOC detected Domain: z9.email
XIOC detected Domain: options.at
XIOC detected Domain: parsed.data.at
XIOC detected Domain: options.next
XIOC detected Domain: options.bio
XIOC detected Domain: parsed.data.next
XIOC detected Domain: parsedpagination.data.next
XIOC detected Domain: data.email
XIOC detected Domain: data.search
XIOC detected Domain: values.map
XIOC detected Domain: parsed.data.email
XIOC detected Domain: parsed.data.search
XIOC detected Domain: headers.map
XIOC detected Domain: postdata.author
XIOC detected Domain: args.post
XIOC detected Domain: options.host
XIOC detected Domain: appserver.off
XIOC detected Domain: process.off
XIOC detected Domain: parsed.search
XIOC detected Domain: options.tools
XIOC detected Domain: z7.email
XIOC detected Domain: args.at
XIOC detected Domain: args.email
XIOC detected Domain: items.map
XIOC detected Domain: args.page
XIOC detected Domain: args.top
XIOC detected Domain: args.target
XIOC detected Domain: args.bio
XIOC detected Domain: client.users.me
XIOC detected Domain: value.next
XIOC detected Domain: value.name
XIOC detected Domain: value.bio
XIOC detected Domain: args.to
XIOC detected Domain: args.next
XIOC detected Domain: args.id
XIOC detected Domain: growth.summary.total
XIOC detected Domain: client.tags.read
XIOC detected Domain: tags.map
XIOC detected Domain: uploadedtheme.name
XIOC detected Domain: client.tiers.read
XIOC detected Domain: tiers.map
XIOC detected Domain: client.users.read
XIOC detected Domain: row.delta
XIOC detected Domain: entry.id
XIOC detected Domain: selectedrows.map
XIOC detected Domain: selected.map
XIOC detected Domain: input.id
XIOC detected Domain: postgrowthsummary.free
XIOC detected Domain: emailsummary.email
XIOC detected Domain: row.name
XIOC detected Domain: statsconfig.id
XIOC detected Domain: payload.data
XIOC detected Domain: subscriptionsmeta.totals.map
XIOC detected Domain: entry.total
XIOC detected Domain: mrr.map
XIOC detected Domain: subscriptionshistory.map
XIOC detected Domain: source.email
XIOC detected Domain: source.open
XIOC detected Domain: source.click
XIOC detected Domain: newsletter.id
XIOC detected Domain: newsletter.name
XIOC detected Domain: summary.email
XIOC detected Domain: existing.date
XIOC detected Domain: row.free
XIOC detected Domain: row.total
XIOC detected Domain: row.email
XIOC detected Domain: row.open
XIOC detected Domain: row.click
XIOC detected Domain: basicstatsrows.map
XIOC detected Domain: source.free
XIOC detected Domain: range.to
XIOC detected Domain: row.date
XIOC detected Domain: input.to
XIOC detected Domain: rows.map
XIOC detected Domain: row.id
XIOC detected Domain: row.post
XIOC detected Domain: keys.map
XIOC detected Domain: settings.social
XIOC detected Domain: patch.name
XIOC detected URL: https://.',
XIOC detected Domain: myblog.ghost.io
XIOC detected URL: https://app.example.com.',
XIOC detected Domain: patch.bio
XIOC detected URL: https://github.com/TryGhost/ghst/issues
XIOC detected Domain: params.email
XIOC detected Domain: current.tags.map
XIOC detected Domain: this.global
XIOC detected Domain: siteinfo.site
XIOC detected Domain: settings.map
XIOC detected Domain: next.next
XIOC detected Domain: page.next
XIOC detected Domain: client.newsletters.read
XIOC detected Domain: newsletters.map
XIOC detected Domain: client.offers.read
XIOC detected Domain: offers.map
XIOC detected Domain: client.pages.read
XIOC detected Domain: pages.map
XIOC detected Domain: client.posts.read
XIOC detected Domain: client.members.read
XIOC detected Domain: options.email
XIOC detected Domain: existing.id
XIOC detected Domain: options.labels.map
XIOC detected Domain: l.name
XIOC detected Domain: options.search
XIOC detected Domain: members.map
XIOC detected Domain: label.id
XIOC detected Domain: labels.map
XIOC detected Domain: options.name
XIOC detected Domain: data.id
XIOC detected Domain: data.name
XIOC detected Domain: parsed.data
XIOC detected Domain: parsed.data.name
XIOC detected Domain: parsed.data.id
XIOC detected Domain: program.commands.map
XIOC detected Domain: entry.name
XIOC detected Domain: program.options.map
XIOC detected Domain: value.map
XIOC detected Domain: client.labels.read
XIOC detected Domain: options.id
XIOC detected Domain: options.params.page
XIOC detected Domain: current.data
XIOC detected Domain: result.data
XIOC detected Domain: chalk2.green
XIOC detected Domain: options.page
XIOC detected Domain: value.page
XIOC detected Domain: parsed.data.page
XIOC detected Domain: payload.referrers.map
XIOC detected Domain: payload.growth.map
XIOC detected Domain: item.date
XIOC detected Domain: item.free
XIOC detected Domain: payload.newsletter.open
XIOC detected Domain: payload.newsletter.click
XIOC detected Domain: entries.map
XIOC detected Domain: item.open
XIOC detected Domain: item.click
XIOC detected Domain: payload.newsletters.map
XIOC detected Domain: payload.clicks.map
XIOC detected Domain: item.post
XIOC detected Domain: payload.summary.free
XIOC detected Domain: payload.summary.email
XIOC detected Domain: theme.name
XIOC detected Domain: payload.site
XIOC detected Domain: site.site
XIOC detected Domain: client.post
XIOC detected Domain: payload.range.to
XIOC detected Domain: payload.summary.total
XIOC detected Domain: payload.posts.map
XIOC detected Domain: notification.post
XIOC detected Domain: payload.post
XIOC detected Domain: ancestor.id
XIOC detected Domain: child.post
XIOC detected Domain: child.post.id
XIOC detected Domain: record.group
XIOC detected Domain: comments.map
XIOC detected Domain: report.settings.social
XIOC detected Domain: account.bio
XIOC detected Domain: payload.next
XIOC detected Domain: single.author
XIOC detected Domain: single.id
XIOC detected Domain: notifications.map
XIOC detected Domain: notification.actor
XIOC detected Domain: record.name
XIOC detected Domain: record.email
XIOC detected Domain: posts.map
XIOC detected Domain: post.author
XIOC detected Domain: accounts.map
XIOC detected Domain: account.id
XIOC detected Domain: account.name
XIOC detected Domain: member.name
XIOC detected Domain: member.email
XIOC detected Domain: record.post
XIOC detected Domain: record.in
XIOC detected Domain: record.id
XIOC detected Domain: member.id
XIOC detected Domain: post.id
XIOC detected Domain: chalk.red
XIOC detected Domain: chalk.blue
XIOC detected Domain: row.map
XIOC detected Domain: pagination.page
XIOC detected Domain: pagination.total
XIOC detected Domain: fields.map
XIOC detected Domain: collection.map
XIOC detected Domain: global.site
XIOC detected Domain: projectconfig.site
XIOC detected Domain: process.env.no
XIOC detected Domain: options.site
XIOC detected Domain: data.map
XIOC detected Domain: collectionvalue.map
XIOC detected Domain: chalk.green
XIOC detected Domain: ghost.org
XIOC detected Domain: launch.md
XIOC detected Domain: contributing.md
XIOC detected Domain: this.name
XIOC detected Domain: parsed.error.issues.map
XIOC detected Domain: parsed.id
XIOC detected Domain: count.direct
XIOC detected URL: https://github.com/TryGhost/ghst#readme
Network call of type 'fetch' detected.
XIOC detected URL: https://github.com/TryGhost/ghst.git
XIOC detected Domain: current.bio
XIOC detected Domain: current.name
XIOC detected Domain: args.name
MCP tool poisoning risk: CODE-SMELL-dist/index.js-690
HASH-3dcd493a23843457
HASH-56df280a26071c1e
HASH-ba6dfb1c4ef11b1c
Recommended Action
This extension has significant security concerns that warrant careful review. Consider uninstalling or finding a safer alternative. If you must use it, limit the permissions and monitor for suspicious activity.