registry  /  @1agh/maude  /  0.42.0

@1agh/maude@0.42.0

⚠ Under review

Marketplace of Claude Code plugins by Michal Dovrtěl: `design` (canvas-first design iteration) + `flow` (generic agentic workflow loop with .ai second brain). Ships the `maude` CLI (with `mdcc` legacy alias) to scaffold workspace, run the design dev serve

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 23 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 265 file(s), 6.94 MB of source, external domains: 127.0.0.1, api.github.com, backend.assistant-api.com, cdn.example.com, cdn.jsdelivr.net, example.com, foo.example.com, github.com, googlechromelabs.github.io, h.example, hub.example.com, hub.invalid, hub.yourteam.dev, motion.dev, nope.example, raw.githubusercontent.com, react.dev, registry.npmjs.org, remotion.dev, schemas.openxmlformats.org, ui.shadcn.com, www.canva.com, www.framer.com, www.pixijs.com, www.remotion.dev, www.w3.org

Source & flagged code

13 flagged · loading source
package.jsonView file
scripts.postinstall = node cli/install.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
cli/cli-wrapper.cjsView file
13const path = require('node:path'); L14: const { spawnSync } = require('node:child_process'); L15:
High
Child Process

Package source references child process execution.

cli/cli-wrapper.cjsView on unpkg · L13
11L12: const fs = require('node:fs'); L13: const path = require('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

cli/cli-wrapper.cjsView on unpkg · L11
apps/studio/bin/_ensure-browser.mjsView file
51export const CDN_HOSTS = new Set(['storage.googleapis.com', 'googlechromelabs.github.io']); L52: // The CfT version string flows into cache paths and (on Windows) a PowerShell L53: // `-Command` string, so validate it before ANY use (defender F3).
High
Shell

Package source references shell execution.

apps/studio/bin/_ensure-browser.mjsView on unpkg · L51
apps/studio/server.mjsView file
9// can detect a running instance instead of accidentally starting a second one. L10: // Tabs in the UI push their active state over WebSocket; server persists to L11: // <designRoot>/_active.json so /design:edit "<feedback>" knows which canvas to edit. ... L18: import crypto from 'node:crypto'; L19: import { exec } from 'node:child_process'; L20: import { fileURLToPath } from 'node:url'; ... L22: const __filename = fileURLToPath(import.meta.url); L23: const __dirname = path.dirname(__filename); L24: ... L30: if (i !== -1 && process.argv[i + 1]) return path.resolve(process.argv[i + 1]); L31: if (process.env.CLAUDE_PROJECT_DIR) return path.resolve(process.env.CLAUDE_PROJECT_DIR); L32: return process.cwd();
Low
Weak Crypto

Package source references weak cryptographic algorithms.

apps/studio/server.mjsView on unpkg · L9
cli/lib/update-check.mjsView file
12L13: import { spawn } from 'node:child_process'; L14: import { mkdirSync, readFileSync, writeFileSync } from 'node:fs'; ... L19: const PKG_NAME = '@1agh/maude'; L20: const REGISTRY_URL = `https://registry.npmjs.org/${PKG_NAME}/latest`; L21: const CACHE_TTL_MS = 24 * 60 * 60 * 1000; ... L24: function cachePath() { L25: const base = process.env.XDG_CACHE_HOME || join(homedir(), '.cache'); L26: return join(base, 'maude', 'update-check.json');
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

cli/lib/update-check.mjsView on unpkg · L12
8// • Opt-out via MAUDE_NO_UPDATE_CHECK=1, NO_UPDATE_NOTIFIER=1, CI=true, L9: // or any non-TTY stderr (pipes, CI logs, etc.). L10: // • Best-effort everywhere: cache read/write, registry fetch, and spawn ... L12: L13: import { spawn } from 'node:child_process'; L14: import { mkdirSync, readFileSync, writeFileSync } from 'node:fs'; ... L19: const PKG_NAME = '@1agh/maude'; L20: const REGISTRY_URL = `https://registry.npmjs.org/${PKG_NAME}/latest`; L21: const CACHE_TTL_MS = 24 * 60 * 60 * 1000; ... L24: function cachePath() { L25: const base = process.env.XDG_CACHE_HOME || join(homedir(), '.cache'); L26: return join(base, 'maude', 'update-check.json');
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

cli/lib/update-check.mjsView on unpkg · L8
cli/commands/hub.mjsView file
142const record = addToken(dataDir, { label: 'dev', dev: true }); L143: process.stdout.write( L144: `[hub] --dev token written to ${dataDir}/tokens.db:\n label: ${record.label}\n value: ${record.value}\n\n Connect from a peer:\n maude design link http://loca... L145: ); ... L148: const entry = resolveHubEntry(hubRoot); L149: const child = spawn(process.execPath, [entry], { L150: stdio: 'inherit',
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

cli/commands/hub.mjsView on unpkg · L142
cli/lib/fetch-asset.test.mjsView file
33// ── SSRF classifier: BLOCKED addresses ─────────────────────────────────────── L34: test('classifyAddress blocks private / loopback / link-local / reserved IPv4', () => { L35: const blocked = [ ... L140: test('parseHttpsTarget accepts https and extracts host/port', () => { L141: assert.deepEqual(parseHttpsTarget('https://example.com/a.png'), { L142: host: 'example.com', ... L165: test('sniffImageExt recognises png/jpg/gif/webp and rejects SVG/HTML/empty', () => { L166: const png = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0]); L167: const jpg = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0, 0]);
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

cli/lib/fetch-asset.test.mjsView on unpkg · L33
cli/commands/design.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @1agh/maude@0.37.0 matchedIdentity = npm:QDFhZ2gvbWF1ZGU:0.37.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

cli/commands/design.mjsView on unpkg
1Cross-file remote execution chain: cli/commands/design.mjs spawns apps/studio/server.mjs; helper contains network access plus dynamic code execution. L1: import { execSync, spawn, spawnSync } from 'node:child_process'; L2: import { chmodSync, existsSync, readFileSync } from 'node:fs'; ... L61: if (!sub || sub === 'help') { L62: process.stdout.write(usage()); L63: return; ... L109: const rest = args.slice(args.indexOf(verb) + 1); // everything after the verb token L110: const childEnv = { ...process.env, CLAUDE_PLUGIN_ROOT: pluginRoot }; L111: // For verbs that boot the dev-server, resolve the compiled platform binary the ... L113: // yjs + every runtime dep; `bun server.ts` from source does NOT (the deps live L114: // in a nested package.json the npm tarball excludes), so on a production install L115: // server.ts crashes at boot on `yjs`. server-up.sh prefers MAUDE_DEV_SERVER_BIN ... L262: process.stderr.write(
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

cli/commands/design.mjsView on unpkg · L1
cli/bin/mdcc.exeView file
path = cli/bin/mdcc.exe kind = native_binary sizeBytes = 569 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

cli/bin/mdcc.exeView on unpkg
apps/studio/bin/prep.shView file
path = apps/studio/bin/prep.sh kind = build_helper sizeBytes = 9685 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

apps/studio/bin/prep.shView on unpkg

Findings

1 Critical8 High7 Medium7 Low
CriticalPrevious Version Dangerous Deltacli/commands/design.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processcli/cli-wrapper.cjs
HighShellapps/studio/bin/_ensure-browser.mjs
HighSame File Env Network Executioncli/lib/update-check.mjs
HighCommand Output Exfiltrationcli/commands/hub.mjs
HighSandbox Evasion Gated Capabilitycli/lib/update-check.mjs
HighCloud Metadata Accesscli/lib/fetch-asset.test.mjs
HighCross File Remote Execution Contextcli/commands/design.mjs
MediumDynamic Requirecli/cli-wrapper.cjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binarycli/bin/mdcc.exe
MediumShips Build Helperapps/studio/bin/prep.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptoapps/studio/server.mjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings