@dmsdc-ai/aigentry-telepty@0.6.7

Universal terminal session bridge — connect any terminal to any terminal, any machine

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell, WebSocket
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 48 file(s), 697 KB of source, external domains: 127.0.0.1, aigentry.dev, www.apple.com

Source & flagged code

8 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

cross-machine.js
L3: const { execSync, spawn, spawnSync } = require('child_process');
L4: const fs = require('fs');
High
Child Process

Package source references child process execution.

cross-machine.js · L2
install.js
L77: function systemdExecArg(value) {
L78: const text = String(value);
High
Shell

Package source references shell execution.

install.js · L76
L3: const { execSync, spawn } = require('child_process');
L4: const os = require('os');
...
L26: } catch (e) {
L27: return __dirname;
L28: }
...
L95: const daemonPath = buildDaemonPath(nodeBin, ['/usr/local/bin', '/usr/bin', '/bin', '/usr/sbin', '/sbin']);
L96: const stdoutPath = path.join(logDir, 'launchd.out.log');
L97: const stderrPath = path.join(logDir, 'launchd.err.log');
...
L169:
L170: return `schtasks /create /tn ${quoteWindowsArg(taskName)} /sc onlogon /rl LIMITED /f /tr ${quoteWindowsArg(taskCommand)}`;
L171: }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

install.js · L2
daemon-control.js
L5: const path = require('path');
L6: const http = require('http');
L7: const { execFileSync, execSync } = require('child_process');
L8: const { killWindowsProcess } = require('./src/win-kill-process');
...
L14: function killGraceMs() {
L15: const raw = Number(process.env.TELEPTY_DAEMON_KILL_GRACE_MS);
L16: if (Number.isFinite(raw) && raw >= 0) return raw;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

daemon-control.js · L5
cli.js
Detached bundled service listener: cli.js spawns daemon.js; helper exposes a broad-bound HTTP listener.
L6: const { constants: osConstants } = require('os');
L7: const WebSocket = require('ws');
L8: const { execSync, execFileSync, spawn } = require('child_process');
L9: const readline = require('readline');
...
L11: const updateNotifier = require('update-notifier');
L12: const pkg = require('./package.json');
L13: const { getConfig } = require('./auth');
...
L70: if (stream.isTTY && (stream.isRaw || stream.__teleptyRawModeActive)) {
L71: restoreTerminalModes(process.stdout);
L72: }
...
L100: if (!options.silent) {
L101: process.stderr.write('\n\x1b[33m⚠️ Terminal input was interrupted. Returning to the telepty menu...\x1b[0m\n');
High
Spawned Bundled Service Listener

Source launches a detached bundled service that exposes a broad-bound HTTP listener.

cli.js · L6
install.sh
path = install.sh kind = build_helper sizeBytes = 4328 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.


Findings

5 High · 6 Medium · 5 Low
High · Install Time Lifecycle Scripts · package.json
High · Child Process · cross-machine.js
High · Shell · install.js
High · Same File Env Network Execution · daemon-control.js
High · Spawned Bundled Service Listener · cli.js
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · install.js
Medium · Ships Build Helper · install.sh
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings