registry  /  @dexto/tui  /  1.9.1

@dexto/tui@1.9.1

Interactive terminal UI for Dexto CLI

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 398 file(s), 2.29 MB of source, external domains: docs.dexto.ai, example.com, github.com, openrouter.ai

Source & flagged code

2 flagged · loading source
dist/interactive-commands/documentation-commands.cjsView file
42handler: async (_args, _agent, _ctx) => { L43: const docsUrl = "https://docs.dexto.ai/docs/category/getting-started"; L44: try { L45: const { spawn } = await import("child_process"); L46: const command = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open"; L47: spawn(command, [docsUrl], { detached: true, stdio: "ignore" });
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/interactive-commands/documentation-commands.cjsView on unpkg · L42
dist/assets/sounds/powerup.wavView file
path = dist/assets/sounds/powerup.wav kind = high_entropy_blob sizeBytes = 24740 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/assets/sounds/powerup.wavView on unpkg

Findings

2 High2 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/interactive-commands/documentation-commands.cjs
HighShips High Entropy Blobdist/assets/sounds/powerup.wav
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings