registry  /  @askalf/dario  /  4.8.136

@askalf/dario@4.8.136

⚠ Under review

Use your Claude Pro/Max subscription in any tool — Cursor, Cline, Aider, the Agent SDK, your scripts — at subscription pricing, not per-token API bills. One local Anthropic + OpenAI-compatible endpoint.

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 51 file(s), 915 KB of source, external domains: 127.0.0.1, api.anthropic.com, api.groq.com, api.openai.com, bun.com, bun.sh, claude.ai, claude.com, github.com, openrouter.ai, platform.claude.com

Source & flagged code

5 flagged · loading source
dist/proxy.jsView file
2import { randomUUID, randomBytes, timingSafeEqual, createHash } from 'node:crypto'; L3: import { execSync } from 'node:child_process'; L4: import { readFileSync, readdirSync, createWriteStream } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/proxy.jsView on unpkg · L2
dist/live-fingerprint.jsView file
406} L407: // Node 20+ won't spawn `.cmd`/`.bat` without `shell: true` (CVE-2024-27980). L408: // `useShell` triggers cmd.exe on Windows — reject overrides that carry
High
Shell

Package source references shell execution.

dist/live-fingerprint.jsView on unpkg · L406
dist/runtime-fingerprint.jsView file
31*/ L32: import { execFileSync } from 'node:child_process'; L33: /** ... L63: * the real environment. Production callers pass L64: * `classifyRuntimeFingerprint(typeof Bun !== 'undefined', probeBunVersion(), process.env)`. L65: * ... L99: detail: `Node ${nodeVersion} — Bun not installed; proxy-mode TLS fingerprint diverges from Claude Code`, L100: hint: 'Install Bun (https://bun.sh) so dario can auto-relaunch under it, or use shim mode ' + L101: '(`dario shim -- claude …`) which runs inside CC\'s own process and inherits its TLS stack.', ... L128: * happening (the install can take 10-30 s on a slow link). Returns the L129: * exit code; non-zero is surfaced by the caller as a fail row. L130: *
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/runtime-fingerprint.jsView on unpkg · L31
dist/cli.jsView file
1838async function upgrade() { L1839: // Thin wrapper over `npm install -g @askalf/dario@latest`. The value L1840: // isn't in saving the user typing — it's in the pre-flight (print ... L1842: // fail with a clear hint if npm is missing). L1843: const { spawnSync } = await import('node:child_process'); L1844: const { fileURLToPath } = await import('node:url');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L1838
dist/doctor.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @askalf/dario@4.8.109 matchedIdentity = npm:QGFza2FsZi9kYXJpbw:4.8.109 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/doctor.jsView on unpkg

Findings

1 Critical4 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/doctor.js
HighChild Processdist/proxy.js
HighShelldist/live-fingerprint.js
HighSandbox Evasion Gated Capabilitydist/runtime-fingerprint.js
HighRuntime Package Installdist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings