registry  /  @coralai/sps-cli  /  0.58.40

@coralai/sps-cli@0.58.40

⚠ Under review

SPS CLI — AI-driven development pipeline orchestrator

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 20 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 221 file(s), 2.69 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.deepseek.com, api.dingtalk.com, api.example.com, api.minimax.io, api.minimaxi.com, api.moonshot.ai, api.moonshot.cn, api.telegram.org, api.z.ai, auth.openai.com, chatgpt.com, dashscope.aliyuncs.com, discord.com, github.com, gitlab.com, matrix.org, open.bigmodel.cn, open.feishu.cn, openrouter.ai, raw.githubusercontent.com, react.dev, reactflow.dev, slack.com, www.npmjs.com, www.w3.org

Source & flagged code

10 flagged · loading source
dist/infra/spawn.jsView file
10*/ L11: import { spawn } from 'node:child_process'; L12: import { existsSync, mkdirSync, openSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/infra/spawn.jsView on unpkg · L10
dist/core/agents/sidecar/CodexProxyManager.jsView file
30export function codexProxyPort() { L31: const n = Number(process.env.SPS_CODEX_PROXY_PORT); L32: return Number.isFinite(n) && n > 0 ? n : DEFAULT_PORT; ... L35: export function codexProxyBaseUrl() { L36: return `http://127.0.0.1:${codexProxyPort()}`; L37: } ... L39: export function codexProxyBinPath() { L40: const r = spawnSync('which', [BIN], { encoding: 'utf-8' }); L41: const p = r.stdout?.trim();
Critical
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution with blocking evidence.

dist/core/agents/sidecar/CodexProxyManager.jsView on unpkg · L30
11*/ L12: import { spawn, spawnSync } from 'node:child_process'; L13: import { existsSync, mkdirSync, openSync, readFileSync, rmSync, writeFileSync } from 'node:fs'; ... L18: /** 官方安装脚本(检测 os/arch→下 release 二进制→/usr/local/bin 或 ~/.local/bin)。 */ L19: export const CODEX_PROXY_INSTALL_SH = 'https://raw.githubusercontent.com/raine/claude-code-proxy/main/scripts/install.sh'; L20: /** 默认展示的主力模型(用户指定);「显示全部」再列 codexProxyModels().all。 */ ... L23: const DEFAULT_PORT = 18765; // claude-code-proxy README 默认 L24: const DIR = join(homedir(), '.coral', 'codex-proxy'); L25: const PID_FILE = join(DIR, 'proxy.pid'); ... L30: export function codexProxyPort() { L31: const n = Number(process.env.SPS_CODEX_PROXY_PORT); L32: return Number.isFinite(n) && n > 0 ? n : DEFAULT_PORT;
Critical
Download Execute

Source downloads or fetches remote code and executes it.

dist/core/agents/sidecar/CodexProxyManager.jsView on unpkg · L11
dist/commands/codexProxyCommand.jsView file
8Trigger-reachable chain: manifest.main -> dist/main.js -> dist/commands/codexProxyCommand.js L8: */ L9: import { spawnSync } from 'node:child_process'; L10: import { CODEX_PROXY_INSTALL_SH, codexProxyBinPath, codexProxyStatus, ensureCodexProxyRunning, stopCodexProxy, } from '../[redacted].js'; L11: const INSTALL_SH = CODEX_PROXY_INSTALL_SH; L12: const RELEASES = 'https://github.com/raine/claude-code-proxy/releases'; L13: export async function executeCodexProxyCommand(sub) { ... L16: if (codexProxyBinPath()) { L17: process.stdout.write('claude-code-proxy 已安装。授权:sps codex-proxy auth\n'); L18: return;
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/commands/codexProxyCommand.jsView on unpkg · L8
project-template/batch_scheduler.shView file
path = project-template/batch_scheduler.sh kind = build_helper sizeBytes = 232 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

project-template/batch_scheduler.shView on unpkg
project-template/.claude/hooks/stop.shView file
path = project-template/.claude/hooks/stop.sh kind = payload_in_excluded_dir sizeBytes = 2524 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

project-template/.claude/hooks/stop.shView on unpkg
dist/commands/consoleCommand.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @coralai/sps-cli@0.57.15 matchedIdentity = npm:QGNvcmFsYWkvc3BzLWNsaQ:0.57.15 similarity = 0.425 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/consoleCommand.jsView on unpkg
profiles/fullstack.mdView file
166patternName = generic_password severity = medium line = 166 matchedText = .send({ ... });
Medium
Secret Pattern

Hardcoded password in profiles/fullstack.md

profiles/fullstack.mdView on unpkg · L166
profiles/backend.mdView file
141patternName = generic_password severity = medium line = 141 matchedText = .send({ ... });
Medium
Secret Pattern

Hardcoded password in profiles/backend.md

profiles/backend.mdView on unpkg · L141
150patternName = generic_password severity = medium line = 150 matchedText = .send({ ... });
Medium
Secret Pattern

Hardcoded password in profiles/backend.md

profiles/backend.mdView on unpkg · L150

Findings

4 Critical3 High7 Medium6 Low
CriticalSame File Env Network Executiondist/core/agents/sidecar/CodexProxyManager.js
CriticalDownload Executedist/core/agents/sidecar/CodexProxyManager.js
CriticalTrigger Reachable Dangerous Capabilitydist/commands/codexProxyCommand.js
CriticalPrevious Version Dangerous Deltadist/commands/consoleCommand.js
HighChild Processdist/infra/spawn.js
HighShell
HighPayload In Excluded Dirproject-template/.claude/hooks/stop.sh
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperproject-template/batch_scheduler.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternprofiles/fullstack.md
MediumSecret Patternprofiles/backend.md
MediumSecret Patternprofiles/backend.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings