@easbot/skills@0.2.48

Skills management system for EAS Agent ecosystem (add / remove / list / find / update / sync / use)

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 10 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, Minified, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 6 file(s), 323 KB of source, external domains: add-skill.vercel.sh, api.github.com, connectors-skills.zapier.com, example.com, github.com, gitlab.com, raw.githubusercontent.com, schemas.agentskills.io, skills.sh

Source & flagged code

3 flagged
dist/index.cjs
L1: 'use strict';var chunkEOOPF3RI_cjs=require('./chunks/chunk-EOOPF3RI.cjs'),fs$1=require('fs'),path=require('path'),xdgBasedir=require('xdg-basedir'),os$1=require('os'),promises=requ...
L2: `;await promises.writeFile(s,o,"utf-8");}async function Fe(t){let e=[];await cl(t,t,e),e.sort((n,l)=>n.relativePath.localeCompare(l.relativePath));let s=crypto.createHash("sha256")...
High
Child Process

Package source references child process execution.

dist/index.cjs · L1
L1: 'use strict';var chunkEOOPF3RI_cjs=require('./chunks/chunk-EOOPF3RI.cjs'),fs$1=require('fs'),path=require('path'),xdgBasedir=require('xdg-basedir'),os$1=require('os'),promises=requ...
L2: `;await promises.writeFile(s,o,"utf-8");}async function Fe(t){let e=[];await cl(t,t,e),e.sort((n,l)=>n.relativePath.localeCompare(l.relativePath));let s=crypto.createHash("sha256")...
...
L5: ---
L6: ${s.replace(/^\r?\n/u,"")}`}async function ms(t,e,s){await promises.mkdir(e,{recursive:true});let n=await promises.readdir(t,{withFileTypes:true});await Promise.all(n.filter(l=>!To...
L7: `)+`
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjs · L1
L1: 'use strict';var chunkEOOPF3RI_cjs=require('./chunks/chunk-EOOPF3RI.cjs'),fs$1=require('fs'),path=require('path'),xdgBasedir=require('xdg-basedir'),os$1=require('os'),promises=requ...
L2: `;await promises.writeFile(s,o,"utf-8");}async function Fe(t){let e=[];await cl(t,t,e),e.sort((n,l)=>n.relativePath.localeCompare(l.relativePath));let s=crypto.createHash("sha256")...
...
L5: ---
L6: ${s.replace(/^\r?\n/u,"")}`}async function ms(t,e,s){await promises.mkdir(e,{recursive:true});let n=await promises.readdir(t,{withFileTypes:true});await Promise.all(n.filter(l=>!To...
L7: `)+`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.cjs · L1

Findings

4 High · 2 Medium · 4 Low
High · Child Process · dist/index.cjs
High · Shell
High · Same File Env Network Execution · dist/index.cjs
High · Command Output Exfiltration · dist/index.cjs
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings