registry  /  @bin.zhou/aegis  /  0.2.15

@bin.zhou/aegis@0.2.15

Aegis - local-first, policy-gated CLI agent. All effects go through a Policy Gateway; changes happen in an isolated worktree; every action is auditable.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 70 file(s), 333 KB of source, external domains: api.anthropic.com, api.deepseek.com, api.openai.com, generativelanguage.googleapis.com

Source & flagged code

4 flagged · loading source
dist/policy/canary-scanner.jsView file
31patternName = private_key_rsa severity = critical line = 31 matchedText = this.reg...-`),
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/policy/canary-scanner.jsView on unpkg · L31
31patternName = private_key_rsa severity = critical line = 31 matchedText = this.reg...-`),
Critical
Secret Pattern

RSA private key in dist/policy/canary-scanner.js

dist/policy/canary-scanner.jsView on unpkg · L31
dist/cli/setup.jsView file
3import { join } from "node:path"; L4: import { execFileSync } from "node:child_process"; L5: import { globalHome, loadMergedConfig } from "./context.js"; ... L8: { kind: "openai-compatible", label: "OpenAI-compatible (DeepSeek, Qwen, Kimi, ollama, vLLM, any /v1/chat/completions endpoint)" }, L9: { kind: "anthropic", label: "Anthropic-compatible (Claude official, MiniMax /anthropic, any /v1/messages endpoint)", defaultUrl: "https://api.anthropic.com" }, L10: { kind: "gemini", label: "Google Gemini", defaultUrl: "https://generativelanguage.googleapis.com" }, ... L20: return (q) => new Promise((resolve) => { L21: process.stdout.write(q); L22: if (lines.length) ... L28: function keychainAvailable() { L29: if (process.platform === "darwin") L30: return hasBin("security");
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli/setup.jsView on unpkg · L3
3import { join } from "node:path"; L4: import { execFileSync } from "node:child_process"; L5: import { globalHome, loadMergedConfig } from "./context.js"; ... L8: { kind: "openai-compatible", label: "OpenAI-compatible (DeepSeek, Qwen, Kimi, ollama, vLLM, any /v1/chat/completions endpoint)" }, L9: { kind: "anthropic", label: "Anthropic-compatible (Claude official, MiniMax /anthropic, any /v1/messages endpoint)", defaultUrl: "https://api.anthropic.com" }, L10: { kind: "gemini", label: "Google Gemini", defaultUrl: "https://generativelanguage.googleapis.com" }, ... L20: return (q) => new Promise((resolve) => { L21: process.stdout.write(q); L22: if (lines.length) ... L28: function keychainAvailable() { L29: if (process.platform === "darwin") L30: return hasBin("security");
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli/setup.jsView on unpkg · L3

Findings

2 Critical1 High4 Medium6 Low
CriticalCritical Secretdist/policy/canary-scanner.js
CriticalSecret Patterndist/policy/canary-scanner.js
HighSandbox Evasion Gated Capabilitydist/cli/setup.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli/setup.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License