
@dexterai/opendexter@1.17.0

OpenDexter - x402 search and discovery layer for AI agents. Search the OpenDexter catalog, check pricing, and pay with automatic USDC settlement.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 11 findings at 72.0% confidence. These are heuristic signals, not a verdict: this version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: EnvironmentVars, Network
Supply chain: HighEntropyStrings, Minified, Obfuscated, UrlStrings
Manifest: No manifest risk signals triggered.
Scanned 2 files, 75.6 KB of source. External domains: 127.0.0.1, agents.moonpay.com, api.dexter.cash, cdn.dexscreener.com, dexter.cash, metadata.jup.ag, raw.githubusercontent.com, skale-base.skalenodes.com, solscan.io, x402.dexter.cash. (127.0.0.1 is the loopback address, so that entry is a local endpoint rather than an external host.)

Source & flagged code

3 flagged
dist/index.js
33params: { protocolVersion: '2025-03-26', capabilities: {} } }, '*'); L34: </script></body></html>`}function Lt(e){for(let t of vo){let n=xo(t.file)??bo(t.name);lo(e,t.name,t.uri,{description:t.description},async()=>({contents:[{uri:t.uri,mimeType:uo,text... L35: `)}function Vt(e,t){let n=Kt(e,t);if(n.manual)return{ok:!1,message:[`${R[e].name} uses a TOML config that the installer does not edit automatically.`,`Add this block to ${n.configP... ... L37: `),{ok:!0,message:`Installed into ${R[e].name} (${n.configPath})`}}function Wo(){let e=No(import.meta.url),t=Ye(e);for(let n=0;n<6;n++){if(X(D(t,"package.json"))&&X(D(t,"skills")))... L38: `),{ok:!0,message:`Full plugin installed into Cursor (${X(D(n,"skills"))?Do(D(n,"skills"),{withFileTypes:!0}).filter(i=>i.isDirectory()).length:0} skills, rules, agent, commands) a... L39: `)};let t=await jt("claude",["plugins","install",Je]);return t.ok?{ok:!0,message:`Plugin installed via Claude Code CLI (marketplace: ${Ge})`}:{ok:!1,message:[`Marketplace added, bu...
High
Same File Env Network Execution

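A single source file combines environment access, network access, and code or shell execution. This is a same-file co-occurrence signal and does not by itself show that environment data reaches the network, so review context before blocking.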

dist/index.js · L33
33params: { protocolVersion: '2025-03-26', capabilities: {} } }, '*'); L34: </script></body></html>`}function Lt(e){for(let t of vo){let n=xo(t.file)??bo(t.name);lo(e,t.name,t.uri,{description:t.description},async()=>({contents:[{uri:t.uri,mimeType:uo,text... L35: `)}function Vt(e,t){let n=Kt(e,t);if(n.manual)return{ok:!1,message:[`${R[e].name} uses a TOML config that the installer does not edit automatically.`,`Add this block to ${n.configP... ... L37: `),{ok:!0,message:`Installed into ${R[e].name} (${n.configPath})`}}function Wo(){let e=No(import.meta.url),t=Ye(e);for(let n=0;n<6;n++){if(X(D(t,"package.json"))&&X(D(t,"skills")))... L38: `),{ok:!0,message:`Full plugin installed into Cursor (${X(D(n,"skills"))?Do(D(n,"skills"),{withFileTypes:!0}).filter(i=>i.isDirectory()).length:0} skills, rules, agent, commands) a... L39: `)};let t=await jt("claude",["plugins","install",Je]);return t.ok?{ok:!0,message:`Plugin installed via Claude Code CLI (marketplace: ${Ge})`}:{ok:!1,message:[`Marketplace added, bu... ... L41: `),"Funding"),Qe(["1. Run `opendexter wallet` to confirm your addresses and balances.","2. Run `opendexter search <what-you-need>` to browse the marketplace.","3. Run `
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.js · L33
1#!/usr/bin/env node L2: var xn=Object.defineProperty;var f=(e,t)=>()=>(e&&(t=e(e=0)),t);var A=(e,t)=>{for(var n in t)xn(e,n,{get:t[n],enumerable:!0})};import{homedir as bn}from"os";import{join as Se}from"... L3: `,{mode:384}),n}var te,wr,ue=f(()=>{"use strict";P();te=br(k,"settings.json"),wr=5});import{existsSync as Sr,mkdirSync as Ar,readFileSync as Pr,appendFileSync as _r}from"fs";import... ... L6: `,{mode:384}),Rr(s,384),Or(s,o)}function Pt(e,t){let n=K(t).filter(r=>r.counterparty!==e.counterparty);n.push(e),Oe(n,t)}function me(e,t){return K(t).find(n=>n.counterparty===e)??n... L7: `)[0].slice(0,120):String(x);n(`(RPC hiccup while polling \u2014 still waiting: ${q})`)}await new Promise(q=>setTimeout(q,s));continue}if(v&&v.live){N(c,{status:"active",vaultPda:v... L8: </head>`),t}catch{return null}}function bo(e){return`<!DOCTYPE html> ... L33: params: { protocolVersion: '2025-03-26', capabilities: {} } }, '*'); L34: </script></body></html>`}function Lt(e){for(let t of vo){let n=xo(t.file)??bo(t.name);lo(e,t.name,t.uri,{description:t.description},async()=>({contents:[{uri:t.uri,mimeType:uo,text... L35: `)}function Vt(e,t){let n=Kt(e,t);if(n.manual)return{ok:!1,message:[`${R[e]
Low
Weak Crypto

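Package source references weak cryptographic algorithms. The excerpt above does not show which algorithm is referenced or where it is used, so confirm whether it protects anything security-sensitive before acting on this finding.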

dist/index.js · L1

Findings

2 High · 3 Medium · 6 Low
High: Same File Env Network Execution (dist/index.js)
High: Command Output Exfiltration (dist/index.js)
Medium: Network
Medium: Environment Vars
Medium: Structural Risk Force Deep Review
Low: Non Install Lifecycle Scripts
Low: Scripts Present
Low: Weak Crypto (dist/index.js)
Low: Obfuscated
Low: High Entropy Strings
Low: Url Strings