registry  /  @catena/cli  /  0.1.0

@catena/cli@0.1.0

⚠ Under review

Catena CLI for agent runtimes

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 476 KB of source, external domains: 127.0.0.1, api.catena.com, api.example.com, basescan.org, github.com, sepolia.basescan.org, www.apache.org

Source & flagged code

6 flagged · loading source
dist/index.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @catena/cli@0.0.3 matchedIdentity = npm:QGNhdGVuYS9jbGk:0.0.3 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.mjsView on unpkg
1#!/usr/bin/env node L2: import{defineCommand as e,renderUsage as t,runMain as n}from"citty";import*as r from"valibot";import*as i from"node:crypto";import{ECDH as a,createECDH as o,createHash as s,randomB... L3: `}var fn=class{runSecurity;constructor(e={}){if((e.platform??process.platform)!==`darwin`)throw Error(`macOS Keychain credential storage is only supported on macOS`);this.runSecuri...
High
Child Process

Package source references child process execution.

dist/index.mjsView on unpkg · L1
1#!/usr/bin/env node L2: import{defineCommand as e,renderUsage as t,runMain as n}from"citty";import*as r from"valibot";import*as i from"node:crypto";import{ECDH as a,createECDH as o,createHash as s,randomB... L3: `}var fn=class{runSecurity;constructor(e={}){if((e.platform??process.platform)!==`darwin`)throw Error(`macOS Keychain credential storage is only supported on macOS`);this.runSecuri... L4: `,{encoding:`utf-8`,mode:384}),g(n,t)}function Mn(e,t){En(e);let n=r.parse(xn,t);_n(n.bank_url,`profile "${e}" bank_url`);let i=kn();jn({...i,profiles:{...i.profiles,[e]:n}})}funct...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.mjsView on unpkg · L1
1#!/usr/bin/env node L2: import{defineCommand as e,renderUsage as t,runMain as n}from"citty";import*as r from"valibot";import*as i from"node:crypto";import{ECDH as a,createECDH as o,createHash as s,randomB... L3: `}var fn=class{runSecurity;constructor(e={}){if((e.platform??process.platform)!==`darwin`)throw Error(`macOS Keychain credential storage is only supported on macOS`);this.runSecuri...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.mjsView on unpkg · L1
1#!/usr/bin/env node L2: import{defineCommand as e,renderUsage as t,runMain as n}from"citty";import*as r from"valibot";import*as i from"node:crypto";import{ECDH as a,createECDH as o,createHash as s,randomB... L3: `}var fn=class{runSecurity;constructor(e={}){if((e.platform??process.platform)!==`darwin`)throw Error(`macOS Keychain credential storage is only supported on macOS`);this.runSecuri... L4: `,{encoding:`utf-8`,mode:384}),g(n,t)}function Mn(e,t){En(e);let n=r.parse(xn,t);_n(n.bank_url,`profile "${e}" bank_url`);let i=kn();jn({...i,profiles:{...i.profiles,[e]:n}})}funct... L5: ... L266: `}const Hr=e({meta:{name:`guide`,description:`Print the Catena CLI agent operating guide`},run(){console.log(Vr(I))}}),Ur=W({id:Te({description:`Intent id (e.g. int_…)`,required:!0... L267: Keep this generated keypair if the approval completed before the CLI failed:`),console.log(`\n CATENA_AGENT_PUBLIC_KEY=${e.publicKeyHex}`),console.log(` CATENA_AGENT_PRIVATE_KEY=... L268: Catena — Agent Setup`),console.log(`─`.repeat(25));let c=pn(),l=await oi(c,s),u={bankUrl:n,clientInstanceId:s,log:e=>console.log(` ${e}`),clientInfo:{name:`cli`,version:I},existin...
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.mjsView on unpkg · L1
406`)}else{if(!t)throw Error(`Required argument 'tag' is missed`);return this.encodeStruct({type:t,rawData:r.BufferSourceConverter.toArrayBuffer(e)})}}static encodeStruct(e){let t=e.t... L407: `)}};K.CertificateTag=`CERTIFICATE`,K.CrlTag=`CRL`,K.CertificateRequestTag=`CERTIFICATE REQUEST`,K.PublicKeyTag=`PUBLIC KEY`,K.PrivateKeyTag=`PRIVATE KEY`;var Ie=class e extends z{... L408: `);case`asn`:return t.AsnConvert.toString(n);case`hex`:return r.Convert.ToHex(n);case`base64`:return r.Convert.ToBase64(n);case`base64url`:return r.Convert.ToBase64Url(n);case`text...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.mjsView on unpkg · L406

Findings

1 Critical4 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/index.mjs
HighChild Processdist/index.mjs
HighSame File Env Network Executiondist/index.mjs
HighCommand Output Exfiltrationdist/index.mjs
HighSandbox Evasion Gated Capabilitydist/index.mjs
MediumDynamic Requiredist/index.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings