registry  /  @guangnao/agent-cli  /  1.2.5

@guangnao/agent-cli@1.2.5

AgentOS terminal CLI — drive a real LLM agent on the microkernel; strongest-UX shell, advanced agent core

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 676 KB of source, external domains: 127.0.0.1, aistudio.google.com, api.anthropic.com, api.deepseek.com, api.guangnao.com, api.openai.com, auth.openai.com, chatgpt.com, console.anthropic.com, generativelanguage.googleapis.com, guangnao.com, platform.deepseek.com, platform.openai.com

Source & flagged code

6 flagged · loading source
dist/cli.jsView file
7062// src/tools/shell.ts L7063: import { exec } from "node:child_process"; L7064: var MAX_OUT = 4e3;
High
Child Process

Package source references child process execution.

dist/cli.jsView on unpkg · L7062
7074schema: { name: "shell", description: "run a shell command and return stdout/stderr + exit code", parameters: { type: "object", required: ["command"], properties: { L7075: command: { type: "string", description: "the command line to run (sh -c)" }, L7076: cwd: { type: "string", description: "working directory (optional; defaults to where agentos was launched)" }
High
Shell

Package source references shell execution.

dist/cli.jsView on unpkg · L7074
7074schema: { name: "shell", description: "run a shell command and return stdout/stderr + exit code", parameters: { type: "object", required: ["command"], properties: { L7075: command: { type: "string", description: "the command line to run (sh -c)" }, L7076: cwd: { type: "string", description: "working directory (optional; defaults to where agentos was launched)" } L7077: } } }, L7078: run: (i) => new Promise((resolve4) => { L7079: const { command, cwd } = i; L7080: if (!command || !command.trim()) return resolve4({ error: "empty command" }); L7081: exec(command, { cwd: cwd || process.env["AGENTOS_CWD"] || process.cwd(), timeout: 3e4, maxBuffer: 1 << 20 }, (err, stdout, stderr) => { L7082: const merged = (stdout + (stderr ? (stdout ? "\n" : "") + stderr : "")).trim();
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.jsView on unpkg · L7074
191function charWidth(ch) { L192: const cc = ch.length === 1 ? ch.charCodeAt(0) : -1; L193: if (cc >= 32 && cc <= 126) return 1; ... L326: function terminalWidth() { L327: return process.stdout.columns || 80; L328: } L329: function detectTheme() { L330: const explicit = (process.env["UXX_THEME"] || process.env["GCLI_THEME"] || "").toLowerCase(); L331: if (explicit === "light" || explicit === "dark") return explicit; ... L344: "use strict"; L345: _isMac = process.platform === "darwin"; L346: KEY_PASTE = _isMac ? "\u2318V" : "Ctrl+V";
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.jsView on unpkg · L191
6454var openaiResponses = (cfg2) => { L6455: const base4 = (cfg2.baseUrl ?? "https://api.openai.com/v1").replace(/\/$/, ""); L6456: const headers = { "Content-Type": "application/json", Authorization: `Bearer ${cfg2.apiKey}` }; ... L7062: // src/tools/shell.ts L7063: import { exec } from "node:child_process"; L7064: var MAX_OUT = 4e3; ... L7121: try { L7122: const content = readFileSync(abs, "utf8"); L7123: const total = content.length; ... L9488: if (b.goal) parts.push(`Goal: ${b.goal}`); L9489: if (b.tools?.length) parts.push(`Available tools: ${b.tools.join(", ")}`); L9490: if (b.lessons?.length) parts.push(`Lessons to bake in:
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/cli.jsView on unpkg · L6454
1471"use strict"; L1472: var os = __require("os"); L1473: var tty = __require("tty");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli.jsView on unpkg · L1471

Findings

5 High4 Medium6 Low
HighChild Processdist/cli.js
HighShelldist/cli.js
HighSame File Env Network Executiondist/cli.js
HighSandbox Evasion Gated Capabilitydist/cli.js
HighRemote Agent Bridgedist/cli.js
MediumDynamic Requiredist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings