registry  /  @cnrai/pave  /  0.11.26

@cnrai/pave@0.11.26

PAVE - Personal AI Virtual Environment. AI agent framework for the terminal.

Static Scan Results

scanned 9d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedTrivial
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 472 KB of source
Oversized source lightweight scan
pave.js45.3 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsDynamicRequireHighEntropyStringsMinified

Source & flagged code

4 flagged · loading source
sandbox/permission.jsView file
1const a0p=a0d;(function(stringArrayFunction,comparisonValue){const l=a0d,a=stringArrayFunction();while(!![]){try{const expression=-parseInt(l(0x121))/0x1+-parseInt(l(0x23e))/0x2+pa...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

sandbox/permission.jsView on unpkg · L1
1const a0p=a0d;(function(stringArrayFunction,comparisonValue){const l=a0d,a=stringArrayFunction();while(!![]){try{const expression=-parseInt(l(0x121))/0x1+-parseInt(l(0x23e))/0x2+pa...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

sandbox/permission.jsView on unpkg · L1
pave.jsView file
path = pave.js kind = oversized_source_file sizeBytes = 47507224 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

pave.jsView on unpkg
path = pave.js kind = oversized_cli_entrypoint sizeBytes = 47507224 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

pave.jsView on unpkg

Findings

2 High4 Medium3 Low
HighObfuscated Payload Loadersandbox/permission.js
HighOversized Source Filepave.js
MediumDynamic Requiresandbox/permission.js
MediumEnvironment Vars
MediumOversized Cli Entrypointpave.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings