registry  /  @agentpager/cli  /  0.2.13

@agentpager/cli@0.2.13

⚠ Under review

AgentPager daemon — 手机遥控你电脑上的编程 Agent(Claude Code/Codex/Gemini 等 7 家)。配对后在微信小程序里实时查看会话、续聊、语音输入、发图。

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.06 MB of source, external domains: api.anthropic.com, beacon.claude-ai.staging.ant.dev, claude-staging.fedstart.com, claude.ai, claude.com, claude.fedstart.com, docs.anthropic.com, docs.expo.dev, github.com, hooks.example.com, json-schema.org, mcp-proxy.anthropic.com, platform.claude.com, raw.githubusercontent.com, reviews.example.com, to50.cn, www.apple.com

Source & flagged code

9 flagged · loading source
dist/cli.jsView file
31`).filter(n=>n.startsWith("worktree ")).map(n=>vl(n.slice(9))):[]}catch{return[]}}function Pz(e){let t=0;for(let r=0;r<e.length;r++)t=(t<<5)-t+e.charCodeAt(r)|0;return t}function O... L32: `).find(s=>s.includes('"parentUuid":'))??e,i=ml(n,"sessionKind");return i==="daemon"||i==="daemon-worker"}function ir(e){return typeof e!="string"?null:Cz.test(e)?e:null}function L... L33: `)||await Dw(n,"drain");n.end(),await Dw(n,"finish")}catch(i){throw n.destroy(),i}}function zx(e){let t=0,r={commandFallback:""};for(;t<e.length;){let n=e.indexOf(` ... L42: `:`[${n[l]}\r L43: ]`;continue}i+=n[l],n[l]==="\\"?s=!0:a&&n[l]==="]"?a=!1:!a&&n[l]==="["&&(a=!0)}try{new RegExp(i)}catch{return console.warn(`Could not convert regex pattern at ${t.currentPath.join(... L44: `;try{s.appendFileSync(n,a)}catch{try{s.mkdirSync(MZ(n)),s.appendFileSync(n,a)}catch{}}}function UZ(){return process.env.CLAUDE_CODE_DIAGNOSTICS_FILE}function DZ(e){let{buffer:t,by... ... L46: `,` L47: `),encoding:i,lineEndings:a}}function Pf(e){return zZ(e).content}function TP(e){return e.startsWith("\uFEFF")?e.slice(1):e}function ZZ(e,{suffix:t="nodejs"}={}){if(typeof e!="strin... L48: `):e.streamInput(r).catch(i=>n.abort(i))}asy
Critical
Remote Asset Decode Execute

Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.

dist/cli.jsView on unpkg · L31
2Trigger-reachable chain: manifest.bin -> dist/cli.js L2: import{createRequire as __cr}from'node:module';const require=__cr(import.meta.url); L3: var XO=Object.create;var rp=Object.defineProperty;var QO=Object.getOwnPropertyDescriptor;var eC=Object.getOwnPropertyNames;var tC=Object.getPrototypeOf,rC=Object.prototype.hasOwnPr... L4: `)[0],r=t.match(SC);return r?r[0]:t.slice(0,24)}async function $C(e){if(ap.has(e))return ap.get(e)??"";let t=Su[e],r=t&&t.versionBin?t.versionBin():e,n="";try{let{stdout:i}=await v... L5: `)){let n=r.indexOf("=");if(n<0)continue;let i=r.slice(0,n),s=r.slice(n+1);if(i==="PATH"){let a=new Set((process.env.PATH||"").split(":"));for(let o of s.split(":"))o&&a.add(o);pro... L6: `).join(`\r
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.jsView on unpkg · L2
2import{createRequire as __cr}from'node:module';const require=__cr(import.meta.url); L3: var XO=Object.create;var rp=Object.defineProperty;var QO=Object.getOwnPropertyDescriptor;var eC=Object.getOwnPropertyNames;var tC=Object.getPrototypeOf,rC=Object.prototype.hasOwnPr... L4: `)[0],r=t.match(SC);return r?r[0]:t.slice(0,24)}async function $C(e){if(ap.has(e))return ap.get(e)??"";let t=Su[e],r=t&&t.versionBin?t.versionBin():e,n="";try{let{stdout:i}=await v...
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L2
102`))}Tt(`[Query.streamInput] Finished processing ${r} messages from input stream`),r>0&&this.hasBidirectionalNeeds()&&(Tt("[Query.streamInput] Has bidirectional needs, waiting for f... L103: `)).catch(i=>{Tt(`[Query.sendMcpServerMessageToCli] Transport write failed: ${i}`,{level:"error"})})}handleMcpControlRequest(t,r,n){let i="id"in r.message?r.message.id:null,s=`${t}... L104: `).filter(s=>s),n=Math.min(...r.map(s=>s.length-s.trimStart().length)),i=r.map(s=>s.slice(n)).map(s=>" ".repeat(this.indent*2)+s);for(let s of i)this.content.push(s)}compile(){let ...
High
Eval

Package source references dynamic code evaluation.

dist/cli.jsView on unpkg · L102
2import{createRequire as __cr}from'node:module';const require=__cr(import.meta.url); L3: var XO=Object.create;var rp=Object.defineProperty;var QO=Object.getOwnPropertyDescriptor;var eC=Object.getOwnPropertyNames;var tC=Object.getPrototypeOf,rC=Object.prototype.hasOwnPr... L4: `)[0],r=t.match(SC);return r?r[0]:t.slice(0,24)}async function $C(e){if(ap.has(e))return ap.get(e)??"";let t=Su[e],r=t&&t.versionBin?t.versionBin():e,n="";try{let{stdout:i}=await v...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L2
2import{createRequire as __cr}from'node:module';const require=__cr(import.meta.url); L3: var XO=Object.create;var rp=Object.defineProperty;var QO=Object.getOwnPropertyDescriptor;var eC=Object.getOwnPropertyNames;var tC=Object.getPrototypeOf,rC=Object.prototype.hasOwnPr... L4: `)[0],r=t.match(SC);return r?r[0]:t.slice(0,24)}async function $C(e){if(ap.has(e))return ap.get(e)??"";let t=Su[e],r=t&&t.versionBin?t.versionBin():e,n="";try{let{stdout:i}=await v... L5: `)){let n=r.indexOf("=");if(n<0)continue;let i=r.slice(0,n),s=r.slice(n+1);if(i==="PATH"){let a=new Set((process.env.PATH||"").split(":"));for(let o of s.split(":"))o&&a.add(o);pro... L6: `).join(`\r
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/cli.jsView on unpkg · L2
2import{createRequire as __cr}from'node:module';const require=__cr(import.meta.url); L3: var XO=Object.create;var rp=Object.defineProperty;var QO=Object.getOwnPropertyDescriptor;var eC=Object.getOwnPropertyNames;var tC=Object.getPrototypeOf,rC=Object.prototype.hasOwnPr... L4: `)[0],r=t.match(SC);return r?r[0]:t.slice(0,24)}async function $C(e){if(ap.has(e))return ap.get(e)??"";let t=Su[e],r=t&&t.versionBin?t.versionBin():e,n="";try{let{stdout:i}=await v... L5: `)){let n=r.indexOf("=");if(n<0)continue;let i=r.slice(0,n),s=r.slice(n+1);if(i==="PATH"){let a=new Set((process.env.PATH||"").split(":"));for(let o of s.split(":"))o&&a.add(o);pro... L6: `).join(`\r ... L10: \r L11: `+r)}function _s(e,t,r,n,i,s){if(e.listenerCount("wsClientError")){let a=new Error(i);Error.captureStackTrace(a,_s),e.emit("wsClientError",a,r,t)}else Ao(r,n,i,s)}});var N0=Dt((TJ,... L12: `).map((u,c)=>({sign:"+",n:c+1,text:u}));return{path:a,verb:s,add:l.length,del:0,hunks:[{lines:l}]}}return{path:a,verb:s,...Mp(o)}}function Q0(e,t){let r=String(t||"").replace(/\n$... ... L18: `)){if(o.startsWith("diff --git")||o.startsWith("index ")||o.startsWith("--- ")||o.startsWith("+++ ")||o.startsWith("new file")||o.st
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.jsView on unpkg · L2
2import{createRequire as __cr}from'node:module';const require=__cr(import.meta.url); L3: var XO=Object.create;var rp=Object.defineProperty;var QO=Object.getOwnPropertyDescriptor;var eC=Object.getOwnPropertyNames;var tC=Object.getPrototypeOf,rC=Object.prototype.hasOwnPr... L4: `)[0],r=t.match(SC);return r?r[0]:t.slice(0,24)}async function $C(e){if(ap.has(e))return ap.get(e)??"";let t=Su[e],r=t&&t.versionBin?t.versionBin():e,n="";try{let{stdout:i}=await v... L5: `)){let n=r.indexOf("=");if(n<0)continue;let i=r.slice(0,n),s=r.slice(n+1);if(i==="PATH"){let a=new Set((process.env.PATH||"").split(":"));for(let o of s.split(":"))o&&a.add(o);pro... L6: `).join(`\r ... L10: \r L11: `+r)}function _s(e,t,r,n,i,s){if(e.listenerCount("wsClientError")){let a=new Error(i);Error.captureStackTrace(a,_s),e.emit("wsClientError",a,r,t)}else Ao(r,n,i,s)}});var N0=Dt((TJ,... L12: `).map((u,c)=>({sign:"+",n:c+1,text:u}));return{path:a,verb:s,add:l.length,del:0,hunks:[{lines:l}]}}return{path:a,verb:s,...Mp(o)}}function Q0(e,t){let r=String(t||"").replace(/\n$... ... L18: `)){if(o.startsWith("diff --git")||o.startsWith("index ")||o.startsWith("--- ")||o.startsWith("+++ ")||o.startsWith("new file")||o.st
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L2
2import{createRequire as __cr}from'node:module';const require=__cr(import.meta.url); L3: var XO=Object.create;var rp=Object.defineProperty;var QO=Object.getOwnPropertyDescriptor;var eC=Object.getOwnPropertyNames;var tC=Object.getPrototypeOf,rC=Object.prototype.hasOwnPr... L4: `)[0],r=t.match(SC);return r?r[0]:t.slice(0,24)}async function $C(e){if(ap.has(e))return ap.get(e)??"";let t=Su[e],r=t&&t.versionBin?t.versionBin():e,n="";try{let{stdout:i}=await v... L5: `)){let n=r.indexOf("=");if(n<0)continue;let i=r.slice(0,n),s=r.slice(n+1);if(i==="PATH"){let a=new Set((process.env.PATH||"").split(":"));for(let o of s.split(":"))o&&a.add(o);pro... L6: `).join(`\r ... L10: \r L11: `+r)}function _s(e,t,r,n,i,s){if(e.listenerCount("wsClientError")){let a=new Error(i);Error.captureStackTrace(a,_s),e.emit("wsClientError",a,r,t)}else Ao(r,n,i,s)}});var N0=Dt((TJ,... L12: `).map((u,c)=>({sign:"+",n:c+1,text:u}));return{path:a,verb:s,add:l.length,del:0,hunks:[{lines:l}]}}return{path:a,verb:s,...Mp(o)}}function Q0(e,t){let r=String(t||"").replace(/\n$... ... L18: `)){if(o.startsWith("diff --git")||o.startsWith("index ")||o.startsWith("--- ")||o.startsWith("+++ ")||o.startsWith("new file")||o.st
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/cli.jsView on unpkg · L2

Findings

2 Critical5 High4 Medium6 Low
CriticalRemote Asset Decode Executedist/cli.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
HighChild Processdist/cli.js
HighEvaldist/cli.js
HighSame File Env Network Executiondist/cli.js
HighCommand Output Exfiltrationdist/cli.js
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/cli.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings