registry  /  @diguike/claudedoctor  /  0.1.0

@diguike/claudedoctor@0.1.0

克劳德医生 · 给 Claude Code 做封禁风险体检的 CLI:检测 → 修复 → 复验。只算有因果的信号,每条带置信度与出处。

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 50.9 KB of source, external domains: 127.0.0.1, api.ipapi.is, api.ipdata.co, code.claude.com, dev.to, github.com, ip-api.com, news.ycombinator.com, support.claude.com, venturebeat.com, www.anthropic.com

Source & flagged code

4 flagged · loading source
dist/cli.jsView file
577// src/collect.ts L578: import { execFileSync } from "node:child_process"; L579: import { existsSync, readFileSync } from "node:fs";
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L577
963const port = server.address().port; L964: child = spawn("claude", ["-p", "ping"], { L965: env: { ...process.env, ANTHROPIC_BASE_URL: `http://127.0.0.1:${port}` }, L966: stdio: "ignore"
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L963
36var env = p.env || {}; L37: var isColorSupported = !(!!env.NO_COLOR || argv.includes("--no-color")) && (!!env.FORCE_COLOR || argv.includes("--color") || p.platform === "win32" || (p.stdout || {}).isTTY && env... L38: var formatter = (open, close, replace = open) => (input) => { ... L108: /** Official Claude Code legal doc — "Authentication and credential use". confirmed. */ L109: ccLegal: "https://code.claude.com/docs/en/legal-and-compliance", L110: /** Anthropic Usage Policy (AUP). confirmed. */ ... L480: scored: false, L481: // access issue, not a ban — don't inflate the risk summary L482: summary: `\u51FA\u53E3\u4E3A\u673A\u623F IP${n.asnOrg ? `\uFF08${n.asnOrg}\uFF09` : ""} \u2014 \u53EF\u80FD\u88AB Cloudflare \u62E6 claude.ai OAuth \u767B\u5F55`, ... L577: // src/collect.ts L578: import { execFileSync } from "node:child_process"; L579: import { existsSync, readFileSync } from "node:fs";
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.jsView on unpkg · L36
bin/claudedoctor.mjsView file
17L18: const { main } = await import(entry); L19: process.exit(await main(process.argv.slice(2)));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/claudedoctor.mjsView on unpkg · L17

Findings

4 High4 Medium4 Low
HighChild Processdist/cli.js
HighShell
HighSame File Env Network Executiondist/cli.js
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumDynamic Requirebin/claudedoctor.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings