@asterworks/agent-console@0.1.2

Local-first AI coding agent safety, work audit, and outcome dashboard for Claude Code and Codex.

Static Scan Results

scanned 13h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Minified, Protestware, Telemetry, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 4 file(s), 841 KB of source, external domains: api.example.com, fb.me, reactjs.org, www.w3.org

Source & flagged code

3 flagged
dist-cli/index.js
531: patternName = private_key_rsa severity = critical line = 531 matchedText = if (kind...d]";
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist-cli/index.js · L531
531: patternName = private_key_rsa severity = critical line = 531 matchedText = if (kind...d]";
Critical
Secret Pattern

RSA private key in dist-cli/index.js

dist-cli/index.js · L531
16: Manifest entrypoint (manifest.bin) carries capability families absent from dist/build output: environment+network, sensitive-file+network, execution+network
    L16: });
    L17: import { spawn } from "child_process";
    L18: function openBrowser(url) {
    L19: try {
    L20: const platform = process.platform;
    L21: const cmd = platform === "darwin" ? "open" : platform === "win32" ? "cmd" : "xdg-open";
    ...
    L56: import { homedir } from "os";
    L57: var DEFAULT_CONFIG_DIR = join(homedir(), ".aster-agent-console");
    L58: var DEFAULT_DB_PATH = join(DEFAULT_CONFIG_DIR, "agent-console.db");
    ...
    L301: try {
    L302: m = JSON.parse(row.metrics_json);
    L303: } catch {
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

dist-cli/index.js · L16

Findings

2 Critical · 1 High · 4 Medium · 5 Low
Critical · Critical Secret · dist-cli/index.js
Critical · Secret Pattern · dist-cli/index.js
High · Entrypoint Build Divergence · dist-cli/index.js
Medium · Network
Medium · Environment Vars
Medium · Protestware
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings