registry  /  @byteask/cli  /  0.1.6

@byteask/cli@0.1.6

ByteAsk - AI coding agent CLI for your terminal. Run `npx @byteask/cli` or `npm i -g @byteask/cli`.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 5 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
UrlStrings
Manifest
NoLicense
scanned 1 file(s), 5.64 KB of source, external domains: code.byteask.ai

Source & flagged code

1 flagged · loading source
bin/byteask.jsView file
12L13: const { spawnSync } = require("child_process"); L14: const { existsSync, mkdirSync, copyFileSync, writeFileSync, chmodSync, renameSync } = require("fs"); ... L17: L18: const BUNDLE = (process.env.BYTEASK_BUNDLE_URL || "https://code.byteask.ai").replace(/\/+$/, ""); L19: const GATEWAY = (process.env.BYTEASK_GATEWAY || BUNDLE).replace(/\/+$/, ""); L20: const HOME = process.env.BYTEASK_HOME || path.join(os.homedir(), ".byteask"); L21: const VENDOR = path.join(HOME, "runtime"); L22: const isWin = process.platform === "win32"; L23: const engine = path.join(VENDOR, isWin ? "byteask-engine.exe" : "byteask-engine"); ... L43: const r = "\x1b[0m"; L44: process.stderr.write(
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/byteask.jsView on unpkg · L12

Findings

1 High1 Medium3 Low
HighSandbox Evasion Gated Capabilitybin/byteask.js
MediumEnvironment Vars
LowFilesystem
LowUrl Strings
LowNo License