registry  /  @foxden-app/foxclaw  /  0.5.70

@foxden-app/foxclaw@0.5.70

Foxden local execution claw for controlling Codex from trusted chat interfaces.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 68 file(s), 1.13 MB of source, external domains: 127.0.0.1, api.openai.com, api.telegram.org, github.com, ilink.weixin.qq.com, ilinkai.weixin.qq.com, novac2c.cdn.weixin.qq.com, www.apple.com

Source & flagged code

5 flagged · loading source
dist/channels/weixin/ilink/upload.jsView file
63log.debug(`downloadRemoteImageToTemp: fetching url=${url}`); L64: const res = await fetch(url); L65: if (!res.ok) { ... L67: } L68: const buf = Buffer.from(await res.arrayBuffer()); L69: await fs.mkdir(destDir, { recursive: true });
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/channels/weixin/ilink/upload.jsView on unpkg · L63
dist/main.jsView file
7import { createInterface } from 'node:readline/promises'; L8: import { spawnSync } from 'node:child_process'; L9: import { fileURLToPath } from 'node:url'; ... L186: clusterBroadcastFile: CLUSTER_UPDATE_BROADCAST_PATH, L187: ...(process.env.CODEX_CLI_BIN || resolveCommand('codex') L188: ? { codexCliBin: process.env.CODEX_CLI_BIN || resolveCommand('codex') } ... L263: try { L264: const pkg = JSON.parse(fs.readFileSync(path.join(packageRoot, 'package.json'), 'utf8')); L265: return typeof pkg.version === 'string' && pkg.version.trim() ? pkg.version : '0.0.0'; ... L292: console.error('Usage: foxclaw send-voice <path> [caption] [--bot-id <bot-id>] [--chat-id <chat-id>]'); L293: process.exitCode = 1; L294: return;
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/main.jsView on unpkg · L7
matchType = previous_version_dangerous_delta matchedPackage = @foxden-app/foxclaw@0.5.69 matchedIdentity = npm:QGZveGRlbi1hcHAvZm94Y2xhdw:0.5.69 similarity = 0.970 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/main.jsView on unpkg
7import { createInterface } from 'node:readline/promises'; L8: import { spawnSync } from 'node:child_process'; L9: import { fileURLToPath } from 'node:url'; ... L186: clusterBroadcastFile: CLUSTER_UPDATE_BROADCAST_PATH, L187: ...(process.env.CODEX_CLI_BIN || resolveCommand('codex') L188: ? { codexCliBin: process.env.CODEX_CLI_BIN || resolveCommand('codex') } ... L263: try { L264: const pkg = JSON.parse(fs.readFileSync(path.join(packageRoot, 'package.json'), 'utf8')); L265: return typeof pkg.version === 'string' && pkg.version.trim() ? pkg.version : '0.0.0'; ... L292: console.error('Usage: foxclaw send-voice <path> [caption] [--bot-id <bot-id>] [--chat-id <chat-id>]'); L293: process.exitCode = 1; L294: return;
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/main.jsView on unpkg · L7
scripts/systemd/uninstall.shView file
path = scripts/systemd/uninstall.sh kind = build_helper sizeBytes = 134 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/systemd/uninstall.shView on unpkg

Findings

2 High5 Medium6 Low
HighSandbox Evasion Gated Capabilitydist/main.js
HighPrevious Version Dangerous Deltadist/main.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/main.js
MediumShips Build Helperscripts/systemd/uninstall.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/channels/weixin/ilink/upload.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License