Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package source references child process execution.
dist/cli/init/index.jsView on unpkg · L3A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/agent/run.jsView on unpkg · L6526Source exposes local file and command tools to a remote model endpoint.
dist/cli/agent/run.jsView on unpkg · L289Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/local/index.jsView on unpkg · L375Package source references child process execution.
dist/cli/init/index.jsView on unpkg · L3Source exposes local file and command tools to a remote model endpoint.
dist/cli/agent/run.jsView on unpkg · L289A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/agent/run.jsView on unpkg · L6526Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/local/index.jsView on unpkg · L375