registry  /  @agentrix/cli  /  0.51.0

@agentrix/cli@0.51.0

⚠ Under review

Mobile and Web client for Claude Code and Codex

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 17 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 11 file(s), 1.44 MB of source, external domains: agentrix.xmz.ai, api.anthropic.com, api.openai.com, github.com, registry.npmjs.org

Source & flagged code

8 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/ensure-better-sqlite3.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/agentrix.mjsView file
2L3: import { execFileSync } from 'child_process'; L4: import { fileURLToPath } from 'url';
High
Child Process

Package source references child process execution.

bin/agentrix.mjsView on unpkg · L2
7// Check if we're already running with the flags L8: const hasNoWarnings = process.execArgv.includes('--no-warnings'); L9: const hasNoDeprecation = process.execArgv.includes('--no-deprecation');
High
Shell

Package source references shell execution.

bin/agentrix.mjsView on unpkg · L7
2Cross-file remote execution chain: bin/agentrix.mjs spawns dist/index.mjs; helper contains network access plus dynamic code execution. L2: L3: import { execFileSync } from 'child_process'; L4: import { fileURLToPath } from 'url'; ... L24: stdio: 'inherit', L25: env: process.env L26: });
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

bin/agentrix.mjsView on unpkg · L2
dist/index.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @agentrix/cli@0.46.0 matchedIdentity = npm:QGFnZW50cml4L2NsaQ:0.46.0 similarity = 0.600 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.cjsView on unpkg
1"use strict";var os=require("node:os"),fs=require("node:fs"),path=require("node:path"),yargs=require("yargs"),helpers=require("yargs/helpers"),chalk=require("chalk"),shared=require...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjsView on unpkg · L1
1"use strict";var os=require("node:os"),fs=require("node:fs"),path=require("node:path"),yargs=require("yargs"),helpers=require("yargs/helpers"),chalk=require("chalk"),shared=require...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.cjsView on unpkg · L1
1"use strict";var os=require("node:os"),fs=require("node:fs"),path=require("node:path"),yargs=require("yargs"),helpers=require("yargs/helpers"),chalk=require("chalk"),shared=require...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.cjsView on unpkg · L1

Findings

1 Critical6 High3 Medium7 Low
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/agentrix.mjs
HighShellbin/agentrix.mjs
HighSame File Env Network Executiondist/index.cjs
HighCommand Output Exfiltrationdist/index.cjs
HighCross File Remote Execution Contextbin/agentrix.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/index.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License