registry  /  @agentskit/tools  /  0.11.4

@agentskit/tools@0.11.4

Reusable executable tools for AgentsKit agents.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 180 KB of source, external domains: api.airtable.com, api.tavily.com, google.serper.dev, html.duckduckgo.com

Source & flagged code

2 flagged · loading source
dist/mcp.cjsView file
2L3: var core = require('@agentskit/core'); L4:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/mcp.cjsView on unpkg · L2
dist/index.jsView file
2import { resolve, relative, isAbsolute, sep } from 'path'; L3: import { execFile } from 'child_process'; L4: import { promisify } from 'util'; ... L9: async function serperSearch(query, apiKey, maxResults) { L10: const response = await fetch("https://google.serper.dev/search", { L11: method: "POST", ... L15: }, L16: body: JSON.stringify({ q: query, num: maxResults }) L17: }); ... L23: } L24: const data = await response.json(); L25: return (data.organic ?? []).map((r) => ({
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/index.jsView on unpkg · L2

Findings

1 High4 Medium3 Low
HighCloud Metadata Accessdist/index.js
MediumDynamic Requiredist/mcp.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings