registry  /  @easbot/gateway  /  0.2.48

@easbot/gateway@0.2.48

EASBot Gateway - AI Agent Server and Multi-channel Integration Platform - 支持 WebSocket、HTTP、Discord、Telegram、Slack 等多渠道集成

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 768 KB of source, external domains: api.telegram.org, chat.signal.org, discord.com, ilinkai.weixin.qq.com, novac2c.cdn.weixin.qq.com, open.feishu.cn, slack.com

Source & flagged code

2 flagged · loading source
dist/chunks/chunk-RZS4QZWL.cjsView file
1'use strict';var chunkAUPHFE34_cjs=require('./chunk-AUPHFE34.cjs'),chunkGY3SWWW3_cjs=require('./chunk-GY3SWWW3.cjs'),utils=require('@easbot/utils'),u=require('zod'),pe=require('pat... L2: ... L9: `);return e.join(` L10: `).trim()}getSessionId(){return this.sessionId}resetSession(){this.sessionId=void 0;}async stop(){this.bridgeStarted&&(await this.eventBridge.stop(),this.bridgeStarted=false,this.s... L11: `&&t[r]!=="\r";)r++;continue}if(!s&&a==="/"&&t[r+1]==="*"){for(r+=2;r<t.length-1;){if(t[r]==="*"&&t[r+1]==="/"){r+=2;break}r++;}continue}i.push(a);}return e=i.join("").trim(),e?JSO...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunks/chunk-RZS4QZWL.cjsView on unpkg · L1
dist/chunks/chunk-LBRRMDDL.mjsView file
10package = @easbot/gateway; repositoryIdentity = easbot; dependency = @easbot/utils L10: `).trim()}getSessionId(){return this.sessionId}resetSession(){this.sessionId=void 0;}async stop(){this.bridgeStarted&&(await this.eventBridge.stop(),this.bridgeStarted=false,this.s... L11: `&&t[r]!=="\r";)r++;continue}if(!s&&a==="/"&&t[r+1]==="*"){for(r+=2;r<t.length-1;){if(t[r]==="*"&&t[r+1]==="/"){r+=2;break}r++;}continue}i.push(a);}return e=i.join("").trim(),e?JSO... L12: `)}buildSessionId(t,e,s){let n=[this.platform,t,e];return s&&n.push(s),n.join("_")}async handleMessage(t){if(!this.messageHandler){this.log.warn("no message handler set, dropping m...
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/chunks/chunk-LBRRMDDL.mjsView on unpkg · L10

Findings

1 High3 Medium6 Low
HighCopied Package Dependency Bridgedist/chunks/chunk-LBRRMDDL.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/chunks/chunk-RZS4QZWL.cjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings