registry  /  @agentconnect.md/daemon  /  1.5.0

@agentconnect.md/daemon@1.5.0

AgentConnect daemon — edge message + agent execution unit

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 30 file(s), 1.75 MB of source, external domains: cdn.agentclientprotocol.com, datatracker.ietf.org, github.com, github.com.helper, github.com.usehttppath, json-schema.org, raw.githubusercontent.com, www.apple.com
Oversized source lightweight scan
dist/index.js2.47 MB file, sampled 256 KB
FilesystemEnvironmentVarsHighEntropyStrings
dist/run-foreground-CRZ17asA.js10.5 MB file, sampled 256 KB
FilesystemNetworkEnvironmentVarsCryptoHighEntropyStrings

Source & flagged code

8 flagged · loading source
dist/bridge-NEdX_EzI.jsView file
5321ref: validation_error_1.default, L5322: code: (0, codegen_1._)`require("ajv/dist/runtime/validation_error").default` L5323: });
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/bridge-NEdX_EzI.jsView on unpkg · L5321
5360if (this.opts.code.process) sourceCode = this.opts.code.process(sourceCode, sch); L5361: const validate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode)(this, this.scope.get()); L5362: this.scope.value(validateName, { ref: validate });
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/bridge-NEdX_EzI.jsView on unpkg · L5360
dist/acp-host-Cg7JjBEn.jsView file
7import { accessSync, constants, existsSync, mkdirSync, promises, readFileSync, readdirSync, realpathSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs"; L8: import { spawn } from "child_process"; L9: import { EventEmitter } from "node:events"; ... L37: function platformKey() { L38: const os = process.platform === "win32" ? "windows" : process.platform === "darwin" ? "darwin" : process.platform === "linux" ? "linux" : null; L39: const arch = process.arch === "arm64" ? "aarch64" : process.arch === "x64" ? "x86_64" : null; ... L73: } L74: const REGISTRY_URL = "https://cdn.agentclientprotocol.com/registry/v1/latest/registry.json"; L75: const DEFAULT_TIMEOUT_MS = 4500; ... L79: try { L80: return RegistryDocSchema.parse(JSON.parse(readFileSync(file, "utf8"))); L81: } catch {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/acp-host-Cg7JjBEn.jsView on unpkg · L7
matchType = previous_version_dangerous_delta matchedPackage = @agentconnect.md/daemon@1.4.0 matchedIdentity = npm:QGFnZW50Y29ubmVjdC5tZC9kYWVtb24:1.4.0 similarity = 0.833 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/acp-host-Cg7JjBEn.jsView on unpkg
7import { accessSync, constants, existsSync, mkdirSync, promises, readFileSync, readdirSync, realpathSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs"; L8: import { spawn } from "child_process"; L9: import { EventEmitter } from "node:events"; ... L37: function platformKey() { L38: const os = process.platform === "win32" ? "windows" : process.platform === "darwin" ? "darwin" : process.platform === "linux" ? "linux" : null; L39: const arch = process.arch === "arm64" ? "aarch64" : process.arch === "x64" ? "x86_64" : null; ... L73: } L74: const REGISTRY_URL = "https://cdn.agentclientprotocol.com/registry/v1/latest/registry.json"; L75: const DEFAULT_TIMEOUT_MS = 4500; ... L79: try { L80: return RegistryDocSchema.parse(JSON.parse(readFileSync(file, "utf8"))); L81: } catch {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/acp-host-Cg7JjBEn.jsView on unpkg · L7
dist/service-BQVw7wbz.jsView file
3import { existsSync, mkdirSync, rmSync, writeFileSync } from "node:fs"; L4: import { execFile } from "node:child_process"; L5: import { homedir } from "node:os"; ... L9: const defaultExec = (cmd, args) => new Promise((resolve) => { L10: execFile(cmd, args, (err, stdout, stderr) => { L11: resolve({ ... L20: /** macOS launchd controller. Writes a LaunchAgent plist that runs L21: * `<node> <cli-entry> run`, and drives it with `launchctl bootstrap/bootout` L22: * (falling back to legacy `load/unload` on older macOS). */ ... L234: const root = resolveRoot(opts.root); L235: return pickController(opts.platform ?? process.platform, { L236: root,
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/service-BQVw7wbz.jsView on unpkg · L3
dist/index.jsView file
path = dist/index.js kind = oversized_source_file sizeBytes = 2590022 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index.jsView on unpkg
path = dist/index.js kind = oversized_cli_entrypoint sizeBytes = 2590022 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/index.jsView on unpkg

Findings

3 High6 Medium6 Low
HighSandbox Evasion Gated Capabilitydist/acp-host-Cg7JjBEn.js
HighOversized Source Filedist/index.js
HighPrevious Version Dangerous Deltadist/acp-host-Cg7JjBEn.js
MediumDynamic Requiredist/bridge-NEdX_EzI.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/service-BQVw7wbz.js
MediumOversized Cli Entrypointdist/index.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/bridge-NEdX_EzI.js
LowWeak Cryptodist/acp-host-Cg7JjBEn.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings