registry  /  @ganglia/cli  /  0.9.173

@ganglia/cli@0.9.173

Ganglia — MCP tools + Code Mode for every major AI coding assistant (Claude Code, Cursor, Windsurf, Cline, OpenCode, Continue, Zed, Codex CLI, Gemini CLI)

Static Scan Results

scanned 22h ago · by rust-scanner

Static analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVars
Supply chain
UrlStrings
Manifest
NoLicense
scanned 1 file(s), 2.15 KB of source, external domains: ganglia.dev

Source & flagged code

1 flagged · loading source
bin/gng.jsView file
7L8: const { spawnSync } = require('child_process'); L9: const path = require('path'); L10: L11: const PLATFORM = `${process.platform}-${process.arch}`; L12: ... L24: `Supported: linux-x64, linux-arm64, darwin-x64, darwin-arm64, win32-x64\n` + L25: `Or install manually: curl -fsSL https://ganglia.dev/install.sh | bash`, L26: ); ... L53: stdio: 'inherit', L54: env: process.env, L55: windowsHide: false,
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/gng.jsView on unpkg · L7

Findings

1 High1 Medium2 Low
HighSandbox Evasion Gated Capabilitybin/gng.js
MediumEnvironment Vars
LowUrl Strings
LowNo License