
@claude-flow/cli@3.20.0

⚠ Under review

Ruflo CLI - Enterprise AI agent orchestration with 60+ specialized agents, swarm coordination, MCP server, self-learning hooks, and vector memory for Claude Code

Static Scan Results

scanned 9h ago · by rust-scanner

Static analysis flagged 32 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.

Decision evidence

Public snapshot

Behavioral surface (source): Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Network, Shell

Supply chain: High Entropy Strings, Url Strings

Manifest: No manifest risk signals triggered.

Scanned 299 file(s), 5.56 MB of source. External domains: agentbbs.local, aistudio.google.com, api.anthropic.com, api.npmjs.org, api.openai.com, api.pinata.cloud, api.web3.storage, cli.github.com, cloud.google.com, cloudflare-ipfs.com, datasets-server.huggingface.co, dweb.link, gateway.pinata.cloud, generativelanguage.googleapis.com, git-scm.com, github.com, html.duckduckgo.com, hub.docker.com, huggingface.co, ipfs.io, no-such-registry-9c8c43.example.invalid, nodejs.org, ollama.com, openrouter.ai, pinata.cloud, raw.githubusercontent.com, registry.npmjs.org, storage.googleapis.com, us-central1-claude-flow.cloudfunctions.net, w3s.link, web3.storage, www.apple.com

Source & flagged code

24 flagged

package.json
scripts.postinstall = node ./scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node ./scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json

dist/src/init/statusline-generator.js
L47: const path = require('path');
L48: const { execSync } = require('child_process');
L49: const os = require('os');
High
Child Process

Package source references child process execution.

dist/src/init/statusline-generator.js · L47

L149:   ? '"' + process.execPath + '" "' + cliBin + '" hooks statusline --json 2>/dev/null'
L150:   : 'npx --prefer-offline @claude-flow/cli hooks statusline --json 2>/dev/null';
L151: const raw = execSync(
L152:   cmd,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/src/init/statusline-generator.js · L149

L47: const path = require('path');
L48: const { execSync } = require('child_process');
L49: const os = require('os');
...
L60: // RUFLO_STATUSLINE_HIDE_COST 1/true/yes/on removes the segment entirely.
L61: costSymbol: process.env.RUFLO_STATUSLINE_COST_SYMBOL ?? '$',
L62: hideCost: /^(1|true|yes|on)$/i.test(process.env.RUFLO_STATUSLINE_HIDE_COST || ''),
...
L64:
L65: const CWD = process.cwd();
L66:
...
L116: if (fs.existsSync(CACHE_FILE)) {
L117:   const raw = JSON.parse(fs.readFileSync(CACHE_FILE, 'utf-8'));
L118:   if (raw && raw._ts && (Date.now() - raw._ts) < CACHE_TTL_MS) {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/src/init/statusline-generator.js · L47

dist/src/init/executor.js
L234: // Platform-specific command wrappers
L235: // Windows: Use PowerShell-compatible commands
L236: // Mac/Linux: Use bash-compatible commands with 2>/dev/null
High
Shell

Package source references shell execution.

dist/src/init/executor.js · L234

L252: // Uses node -e with git rev-parse so hooks work regardless of CWD (#1259, #1284).
L253: const gitRootResolver = "var c=require('child_process'),p=require('path'),u=require('url'),r;"
L254:   + "try{r=c.execSync('git rev-parse --show-toplevel',{encoding:'utf8'}).trim()}"
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/init/executor.js · L252

dist/src/commands/security.js
L142: const codePatterns = [
L143:   { pattern: /eval\s*\(/g, type: 'Eval Usage', severity: 'medium', desc: 'eval() can execute arbitrary code' },
L144:   { pattern: /innerHTML\s*=/g, type: 'innerHTML', severity: 'medium', desc: 'XSS risk with innerHTML' },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/src/commands/security.js · L142

dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1
L49: // 1. Environment variable (fastest path, used in test mocks and CI)
L50: const envKey = process.env['GOOGLE_AI_API_KEY'];
L51: if (envKey)
...
L54: try {
L55:   const { execSync } = await import('node:child_process');
L56:   const key = execSync('gcloud secrets versions access latest --secret=GOOGLE_AI_API_KEY --project=ruv-dev 2>/dev/null', { encoding: 'utf-8', timeout: 5_000 }).trim();
...
L62: }
L63: throw new Error("grounded_query: No Google AI API key found.\nSet GOOGLE_AI_API_KEY env var, or ensure `gcloud` is authenticated and\nthe secret GOOGLE_AI_API_KEY exists in GCP pro...
L64: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1 · L49

dist/src/memory/neural-package-bridge.js
package = @claude-flow/cli; repositoryIdentity = claude-flow; dependency = @claude-flow/neural
L38: try {
L39:   const m = await import('@claude-flow/neural');
L40:   const sys = m.createNeuralLearningSystem(mode);
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/src/memory/neural-package-bridge.js · L38

plugins/ruflo-metaharness/scripts/smoke.sh
path = plugins/ruflo-metaharness/scripts/smoke.sh; kind = build_helper; sizeBytes = 129569; magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

plugins/ruflo-metaharness/scripts/smoke.sh

.claude/helpers/validate-v3-config.sh
path = .claude/helpers/validate-v3-config.sh; kind = payload_in_excluded_dir; sizeBytes = 5677; magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

.claude/helpers/validate-v3-config.sh

dist/src/commands/neural.js
matchType = previous_version_dangerous_delta; matchedPackage = @claude-flow/cli@3.16.3; matchedIdentity = npm:QGNsYXVkZS1mbG93L2NsaQ:3.16.3; similarity = 0.867; summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/src/commands/neural.js

.claude/agents/flow-nexus/authentication.md
patternName = generic_password; severity = medium; line = 22; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in .claude/agents/flow-nexus/authentication.md

.claude/agents/flow-nexus/authentication.md · L22

patternName = generic_password; severity = medium; line = 29; matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in .claude/agents/flow-nexus/authentication.md

.claude/agents/flow-nexus/authentication.md · L29

patternName = generic_password; severity = medium; line = 43; matchedText = new_pass...ord"
Medium
Secret Pattern

Hardcoded password in .claude/agents/flow-nexus/authentication.md

.claude/agents/flow-nexus/authentication.md · L43

.claude/agents/sparc/refinement.md
patternName = generic_password; severity = medium; line = 339; matchedText = password...23!'
Medium
Secret Pattern

Hardcoded password in .claude/agents/sparc/refinement.md

.claude/agents/sparc/refinement.md · L339

patternName = generic_password; severity = medium; line = 367; matchedText = password...ord'
Medium
Secret Pattern

Hardcoded password in .claude/agents/sparc/refinement.md

.claude/agents/sparc/refinement.md · L367

patternName = generic_password; severity = medium; line = 543; matchedText = passwo...
Medium
Secret Pattern

Hardcoded password in .claude/agents/sparc/refinement.md

.claude/agents/sparc/refinement.md · L543

.claude/skills/flow-nexus-platform/SKILL.md
patternName = generic_password; severity = medium; line = 30; matchedText = password...rd",
Medium
Secret Pattern

Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md

.claude/skills/flow-nexus-platform/SKILL.md · L30

patternName = generic_password; severity = medium; line = 40; matchedText = password...ord"
Medium
Secret Pattern

Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md

.claude/skills/flow-nexus-platform/SKILL.md · L40

patternName = generic_password; severity = medium; line = 67; matchedText = new_pass...ord"
Medium
Secret Pattern

Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md

.claude/skills/flow-nexus-platform/SKILL.md · L67

patternName = generic_password; severity = medium; line = 872; matchedText = password...3!",
Medium
Secret Pattern

Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md

.claude/skills/flow-nexus-platform/SKILL.md · L872

patternName = generic_password; severity = medium; line = 879; matchedText = password...23!"
Medium
Secret Pattern

Hardcoded password in .claude/skills/flow-nexus-platform/SKILL.md

.claude/skills/flow-nexus-platform/SKILL.md · L879

Findings

1 Critical, 7 High, 18 Medium, 6 Low

Severity | Finding | File
Critical | Previous Version Dangerous Delta | dist/src/commands/neural.js
High | Install Time Lifecycle Scripts | package.json
High | Child Process | dist/src/init/statusline-generator.js
High | Shell | dist/src/init/executor.js
High | Same File Env Network Execution | dist/src/benchmarks/gaia-tools/grounded_query.js#virtual:normalized:round1
High | Copied Package Dependency Bridge | dist/src/memory/neural-package-bridge.js
High | Runtime Package Install | dist/src/init/statusline-generator.js
High | Payload In Excluded Dir | .claude/helpers/validate-v3-config.sh
Medium | Ambiguous Install Lifecycle Script | package.json
Medium | Dynamic Require | dist/src/init/executor.js
Medium | Network |
Medium | Environment Vars |
Medium | Install Persistence | dist/src/init/statusline-generator.js
Medium | Ships Build Helper | plugins/ruflo-metaharness/scripts/smoke.sh
Medium | Structural Risk Force Deep Review |
Medium | Secret Pattern | .claude/agents/flow-nexus/authentication.md
Medium | Secret Pattern | .claude/agents/flow-nexus/authentication.md
Medium | Secret Pattern | .claude/agents/flow-nexus/authentication.md
Medium | Secret Pattern | .claude/agents/sparc/refinement.md
Medium | Secret Pattern | .claude/agents/sparc/refinement.md
Medium | Secret Pattern | .claude/agents/sparc/refinement.md
Medium | Secret Pattern | .claude/skills/flow-nexus-platform/SKILL.md
Medium | Secret Pattern | .claude/skills/flow-nexus-platform/SKILL.md
Medium | Secret Pattern | .claude/skills/flow-nexus-platform/SKILL.md
Medium | Secret Pattern | .claude/skills/flow-nexus-platform/SKILL.md
Medium | Secret Pattern | .claude/skills/flow-nexus-platform/SKILL.md
Low | Non Install Lifecycle Scripts |
Low | Scripts Present |
Low | Eval | dist/src/commands/security.js
Low | Filesystem |
Low | High Entropy Strings |
Low | Url Strings |