registry  /  @dexterai/opendexter  /  1.18.0

@dexterai/opendexter@1.18.0

OpenDexter - x402 search and discovery layer for AI agents. Search the OpenDexter catalog, check pricing, and pay with automatic USDC settlement.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 76.6 KB of source, external domains: 127.0.0.1, agents.moonpay.com, api.dexter.cash, cdn.dexscreener.com, dexter.cash, metadata.jup.ag, raw.githubusercontent.com, skale-base.skalenodes.com, solscan.io, x402.dexter.cash

Source & flagged code

3 flagged · loading source
dist/index.jsView file
33params: { protocolVersion: '2025-03-26', capabilities: {} } }, '*'); L34: </script></body></html>`}function Ft(e){for(let t of Po){let n=To(t.file)??_o(t.name);ho(e,t.name,t.uri,{description:t.description},async()=>({contents:[{uri:t.uri,mimeType:yo,text... L35: `)}function qt(e,t){let n=Gt(e,t);if(n.manual)return{ok:!1,message:[`${C[e].name} uses a TOML config that the installer does not edit automatically.`,`Add this block to ${n.configP... ... L37: `),{ok:!0,message:`Installed into ${C[e].name} (${n.configPath})`}}function Jo(){let e=Ko(import.meta.url),t=Ze(e);for(let n=0;n<6;n++){if(X(I(t,"package.json"))&&X(I(t,"skills")))... L38: `),{ok:!0,message:`Full plugin installed into Cursor (${X(I(n,"skills"))?Bo(I(n,"skills"),{withFileTypes:!0}).filter(i=>i.isDirectory()).length:0} skills, rules, agent, commands) a... L39: `)};let t=await Jt("claude",["plugins","install",ze]);return t.ok?{ok:!0,message:`Plugin installed via Claude Code CLI (marketplace: ${He})`}:{ok:!1,message:[`Marketplace added, bu...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L33
33params: { protocolVersion: '2025-03-26', capabilities: {} } }, '*'); L34: </script></body></html>`}function Ft(e){for(let t of Po){let n=To(t.file)??_o(t.name);ho(e,t.name,t.uri,{description:t.description},async()=>({contents:[{uri:t.uri,mimeType:yo,text... L35: `)}function qt(e,t){let n=Gt(e,t);if(n.manual)return{ok:!1,message:[`${C[e].name} uses a TOML config that the installer does not edit automatically.`,`Add this block to ${n.configP... ... L37: `),{ok:!0,message:`Installed into ${C[e].name} (${n.configPath})`}}function Jo(){let e=Ko(import.meta.url),t=Ze(e);for(let n=0;n<6;n++){if(X(I(t,"package.json"))&&X(I(t,"skills")))... L38: `),{ok:!0,message:`Full plugin installed into Cursor (${X(I(n,"skills"))?Bo(I(n,"skills"),{withFileTypes:!0}).filter(i=>i.isDirectory()).length:0} skills, rules, agent, commands) a... L39: `)};let t=await Jt("claude",["plugins","install",ze]);return t.ok?{ok:!0,message:`Plugin installed via Claude Code CLI (marketplace: ${He})`}:{ok:!1,message:[`Marketplace added, bu... ... L41: `),"Funding"),tt(["1. Run `opendexter wallet` to confirm your addresses and balances.","2. Run `opendexter search <what-you-need>` to browse the marketplace.","3. Run `
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L33
1#!/usr/bin/env node L2: var Sn=Object.defineProperty;var f=(e,t)=>()=>(e&&(t=e(e=0)),t);var A=(e,t)=>{for(var n in t)Sn(e,n,{get:t[n],enumerable:!0})};import{homedir as An}from"os";import{join as Te}from"... L3: `,{mode:384}),n}var te,Pr,ue=f(()=>{"use strict";P();te=Ar(k,"settings.json"),Pr=5});import{existsSync as Tr,mkdirSync as _r,readFileSync as Rr,appendFileSync as Cr}from"fs";import... ... L6: `,{mode:384}),Or(s,384),Nr(s,o)}function _t(e,t){let n=W(t).filter(r=>r.counterparty!==e.counterparty);n.push(e),Ne(n,t)}function me(e,t){return W(t).find(n=>n.counterparty===e)??n... L7: `)[0].slice(0,120):String(v);n(`(RPC hiccup while polling \u2014 still waiting: ${G})`)}await new Promise(G=>setTimeout(G,s));continue}if(w&&w.live){U(c,{status:"active",vaultPda:w... L8: </head>`),t}catch{return null}}function _o(e){return`<!DOCTYPE html> ... L33: params: { protocolVersion: '2025-03-26', capabilities: {} } }, '*'); L34: </script></body></html>`}function Ft(e){for(let t of Po){let n=To(t.file)??_o(t.name);ho(e,t.name,t.uri,{description:t.description},async()=>({contents:[{uri:t.uri,mimeType:yo,text... L35: `)}function qt(e,t){let n=Gt(e,t);if(n.manual)return{ok:!1,message:[`${C[e]
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L1

Findings

2 High3 Medium6 Low
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/index.js
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings