6const __filename = __ac2FileURLToPath(import.meta.url);
L7: const __dirname = __ac2Dirname(__filename);
L8: var $he=Object.create;var v3=Object.defineProperty;var Che=Object.getOwnPropertyDescriptor;var Dhe=Object.getOwnPropertyNames;var Phe=Object.getPrototypeOf,Mhe=Object.prototype.has...
L9: `:""},this._extScope=e,this._scope=new cc.Scope({parent:e}),this._nodes=[new dT]}toString(){return this._root.render(this.opts)}name(e){return this._scope.name(e)}scopeName(e){retu...
L10: || (${a} == "string" && ${i} && ${i} == +${i})`).assign(s,(0,Ir._)`+${i}`);return;case"integer":n.elseIf((0,Ir._)`${a} === "boolean" || ${i} === null
L11: || (${a} === "string" && ${i} && ${i} == +${i} && !(${i} % 1))`).assign(s,(0,Ir._)`+${i}`);return;case"boolean":n.elseIf((0,Ir._)`${i} === "false" || ${i} === 0 || ${i} === null`)....
L12: || ${a} === "boolean" || ${i} === null`).assign(s,(0,Ir._)`[${i}]`)}}}function _6e({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,Ir._)`${e} !== undefined`,()=>t.assign((0,Ir...
L13: missingProperty: ${n},
...
L18: ${new this._window.XMLSerializer().serializeToString(h)}`;return typeof Blob>"u"||this._options.jsdom?Buffer.from(b):new Blob([b],{type:w})}return
CriticalWallet Drain
Source uses private key material to transfer cryptocurrency funds.
dist/server.jsView on unpkg · L6 106Trigger-reachable chain: manifest.bin -> dist/server.js
L106: `)}
L107: `}function eke(t,e){if(!t.appCallTrace||!t.disassembly)return"";let r=e;return e!==void 0?r=e:r={maxValueWidth:cC,topOfStackFirst:!1},bte(t.appCallTrace,t.disassembly,r)}function t...
L108: `);return{content:[yn(a)],details:o}}}}var $Me=Be.Object({refresh:Be.Optional(Be.Boolean({description:"DEPRECATED / no-op (plugin v0.0.84+): every `ac2_capabilities` call now hits ...
...
L112: `);return{content:[yn(d)],details:a}}}}var RL=Be.Object({message_base64:Be.String({minLength:1,description:"Base64 of the raw bytes that were signed (same bytes the signer received...
L113: ${t.length}`,r=new TextEncoder().encode(e),n=new Uint8Array(r.length+t.length);return n.set(r,0),n.set(t,r.length),Ks(n)}function NL(t,e){let r=e.slice(0,32),n=e.slice(32,64),i=e[6...
L114: `)}var g3={type:"object",properties:{},additionalProperties:!1};function Ch(t){return{content:[{type:"text",text:t}]}}async function hhe(t){if(!t)return Ch("No active pairing invit...
...
L116: `));if(e.active)return Ch(`Already connected (peer=${e.active.peerDid}). Run ac2_status for details.`);if(e.pendingInvitation&&!mhe(e.pendingInvitation))return hhe(e.pen…
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server.jsView on unpkg · L106 120`)}catch(o){process.stderr.write(`[ac2] could not write tool-proxy endpoint: ${String(o)}
L121: `)}}),r}function _he(){let t=vhe();if(!(t&&t.pid!==process.pid))try{yLe(qL())}catch{}}function She(t,e){let r=vhe();if(!r)return Promise.resolve({content:[{type:"text",text:"The AC...
L122: `))i.trim()&&process.stderr.write(`[ac2] app-server: ${i}
112`);return{content:[yn(d)],details:a}}}}var RL=Be.Object({message_base64:Be.String({minLength:1,description:"Base64 of the raw bytes that were signed (same bytes the signer received...
L113: ${t.length}`,r=new TextEncoder().encode(e),n=new Uint8Array(r.length+t.length);return n.set(r,0),n.set(t,r.length),Ks(n)}function NL(t,e){let r=e.slice(0,32),n=e.slice(32,64),i=e[6...
L114: `)}var g3={type:"object",properties:{},additionalProperties:!1};function Ch(t){return{content:[{type:"text",text:t}]}}async function hhe(t){if(!t)return Ch("No active pairing invit...
...
L120: `)}catch(o){process.stderr.write(`[ac2] could not write tool-proxy endpoint: ${String(o)}
L121: `)}}),r}function _he(){let t=vhe();if(!(t&&t.pid!==process.pid))try{yLe(qL())}catch{}}function She(t,e){let r=vhe();if(!r)return Promise.resolve({content:[{type:"text",text:"The AC...
L122: `))i.trim()&&process.stderr.write(`[ac2] app-server: ${i}
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/server.jsView on unpkg · L112 106`)}
L107: `}function eke(t,e){if(!t.appCallTrace||!t.disassembly)return"";let r=e;return e!==void 0?r=e:r={maxValueWidth:cC,topOfStackFirst:!1},bte(t.appCallTrace,t.disassembly,r)}function t...
L108: `);return{content:[yn(a)],details:o}}}}var $Me=Be.Object({refresh:Be.Optional(Be.Boolean({description:"DEPRECATED / no-op (plugin v0.0.84+): every `ac2_capabilities` call now hits ...
...
L112: `);return{content:[yn(d)],details:a}}}}var RL=Be.Object({message_base64:Be.String({minLength:1,description:"Base64 of the raw bytes that were signed (same bytes the signer received...
L113: ${t.length}`,r=new TextEncoder().encode(e),n=new Uint8Array(r.length+t.length);return n.set(r,0),n.set(t,r.length),Ks(n)}function NL(t,e){let r=e.slice(0,32),n=e.slice(32,64),i=e[6...
L114: `)}var g3={type:"object",properties:{},additionalProperties:!1};function Ch(t){return{content:[{type:"text",text:t}]}}async function hhe(t){if(!t)return Ch("No active pairing invit...
...
L116: `));if(e.active)return Ch(`Already connected (peer=${e.active.peerDid}). Run ac2_status for details.`);if(e.pendingInvitation&&!mhe(e.pendingInvitation))return hhe(e.pendingInvitat...
L117: `)}async function mLe(t,e){return e.
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/server.jsView on unpkg · L106 11|| (${a} === "string" && ${i} && ${i} == +${i} && !(${i} % 1))`).assign(s,(0,Ir._)`+${i}`);return;case"boolean":n.elseIf((0,Ir._)`${i} === "false" || ${i} === 0 || ${i} === null`)....
L12: || ${a} === "boolean" || ${i} === null`).assign(s,(0,Ir._)`[${i}]`)}}}function _6e({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,Ir._)`${e} !== undefined`,()=>t.assign((0,Ir...
L13: missingProperty: ${n},
LowEval
Package source references a known benign dynamic code generation pattern.
dist/server.jsView on unpkg · L11 6const __filename = __ac2FileURLToPath(import.meta.url);
L7: const __dirname = __ac2Dirname(__filename);
L8: var $he=Object.create;var v3=Object.defineProperty;var Che=Object.getOwnPropertyDescriptor;var Dhe=Object.getOwnPropertyNames;var Phe=Object.getPrototypeOf,Mhe=Object.prototype.has...
L9: `:""},this._extScope=e,this._scope=new cc.Scope({parent:e}),this._nodes=[new dT]}toString(){return this._root.render(this.opts)}name(e){return this._scope.name(e)}scopeName(e){retu...
L10: || (${a} == "string" && ${i} && ${i} == +${i})`).assign(s,(0,Ir._)`+${i}`);return;case"integer":n.elseIf((0,Ir._)`${a} === "boolean" || ${i} === null
L11: || (${a} === "string" && ${i} && ${i} == +${i} && !(${i} % 1))`).assign(s,(0,Ir._)`+${i}`);return;case"boolean":n.elseIf((0,Ir._)`${i} === "false" || ${i} === 0 || ${i} === null`)....
L12: || ${a} === "boolean" || ${i} === null`).assign(s,(0,Ir._)`[${i}]`)}}}function _6e({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,Ir._)`${e} !== undefined`,()=>t.assign((0,Ir...
L13: missingProperty: ${n},
...
L18: ${new this._window.XMLSerializer().serializeToString(h)}`;return typeof Blob>"u"||this._options.jsdom?Buffer.from(b):new Blob([b],{type:w})}return
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/server.jsView on unpkg · L6