registry  /  @c4t4/heyamigo  /  0.12.5

@c4t4/heyamigo@0.12.5

WhatsApp and Telegram AI bot powered by Claude, Codex, or Grok with long-term memory, browser control, and role-based access

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 10 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 87 file(s), 494 KB of source, external domains: api.elevenlabs.io, api.telegram.org, docs.anthropic.com, github.com, nodejs.org, x.ai

Source & flagged code

2 flagged · loading source
scripts/start-browser.shView file
path = scripts/start-browser.sh kind = build_helper sizeBytes = 5583 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/start-browser.shView on unpkg
dist/cli/setup.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @c4t4/heyamigo@0.12.3 matchedIdentity = npm:QGM0dDQvaGV5YW1pZ28:0.12.3 similarity = 0.964 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli/setup.jsView on unpkg

Findings

1 High4 Medium5 Low
HighPrevious Version Dangerous Deltadist/cli/setup.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/start-browser.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings