registry  /  @argosvix/cli  /  0.1.0-alpha.6

@argosvix/cli@0.1.0-alpha.6

Argosvix CLI — one-command onboarding for AI agent observability. `npx @argosvix/cli init` authenticates in the browser, installs the SDK, wires the MCP server, and sends a test event.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 43.9 KB of source, external domains: 127.0.0.1, d.example.com, dashboard.argosvix.com, ingest.argosvix.com

Source & flagged code

1 flagged · loading source
dist/index.jsView file
11*/ L12: import { createServer } from "node:http"; L13: import { spawn } from "node:child_process"; L14: import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; ... L35: import { buildAuthorizeUrl, buildGateQuery, detectRuntime, ensureGitignoreEnv, installCommand, mergeMcpConfig, resolveProjectFlag, upsertEnv, wrapSnippet, } from "./project.js"; L36: const API_BASE = process.env["ARGOSVIX_API_BASE"] ?? "https://ingest.argosvix.com"; L37: const DASHBOARD_BASE = process.env["ARGOSVIX_DASHBOARD_BASE"] ?? "https://dashboard.argosvix.com"; ... L39: // ロケールに追従 (日本語環境で /en に飛ばされる不整合の解消。ARGOSVIX_LOCALE で明示上書き可)。 L40: const SYSTEM_LOCALE = Intl.DateTimeFormat().resolvedOptions().locale ?? "en"; L41: const LOCALE = process.env["ARGOSVIX_LOCALE"] ?? (SYSTEM_LOCALE.startsWith("ja") ? "ja" : "en"); ... L95: if (u.pathname !== callbackPath) { L96: res.writeHead(404).end("not found");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L11

Findings

1 High3 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings