registry  /  @byteask/cli  /  0.1.2

@byteask/cli@0.1.2

ByteAsk - AI coding agent CLI for your terminal. Run `npx @byteask/cli` or `npm i -g @byteask/cli`.

Static Scan Results

scanned 12d ago · by rust-scanner

Static analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
UrlStrings
Manifest
NoLicense
scanned 1 file(s), 2.27 KB of source, external domains: code.byteask.ai

Source & flagged code

1 flagged · loading source
bin/byteask.jsView file
10L11: const { spawnSync } = require("child_process"); L12: const { existsSync, mkdirSync } = require("fs"); ... L15: L16: const BUNDLE = (process.env.BYTEASK_BUNDLE_URL || "https://code.byteask.ai").replace(/\/+$/, ""); L17: const HOME = process.env.BYTEASK_HOME || path.join(os.homedir(), ".byteask"); L18: const VENDOR = path.join(HOME, "runtime"); L19: const isWin = process.platform === "win32"; L20: const wrapper = path.join(VENDOR, isWin ? "byteask.ps1" : "byteask"); ... L29: mkdirSync(VENDOR, { recursive: true }); L30: process.stderr.write("[byteask] first run: fetching the ByteAsk engine (one time)...\n"); L31: let r;
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/byteask.jsView on unpkg · L10

Findings

1 High1 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/byteask.js
MediumEnvironment Vars
LowFilesystem
LowUrl Strings
LowNo License