registry  /  @heretyc/subagent-mcp  /  2.12.2

@heretyc/subagent-mcp@2.12.2

MCP server that launches and manages always-interactive Claude Code and Codex sub-agent sessions (no direct Anthropic/OpenAI API).

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 30 file(s), 273 KB of source, external domains: github.com, registry.npmjs.org

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.jsView file
4import { z } from "zod"; L5: import { spawn, spawnSync, execSync } from "child_process"; L6: import { unlinkSync, existsSync, realpathSync, readFileSync, writeFileSync } from "node:fs"; ... L28: const deadlockWindow = createDeadlockWindow(); L29: const STDOUT_RING_BYTES = 2 * 1024 * 1024; L30: // Advanced-ruleset gate: per-process latch with exactly the deadlock-window ... L41: const SPAWN_GRACE_MS = (() => { L42: const raw = process.env.SUBAGENT_SPAWN_GRACE_MS; L43: if (raw === undefined || raw === "") ... L82: try { L83: const parsed = JSON.parse(text); L84: if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L4
matchType = previous_version_dangerous_delta matchedPackage = @heretyc/subagent-mcp@2.12.1 matchedIdentity = npm:QGhlcmV0eWMvc3ViYWdlbnQtbWNw:2.12.1 similarity = 0.704 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
dist/advanced-ruleset.pyView file
path = dist/advanced-ruleset.py kind = build_helper sizeBytes = 2989 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/advanced-ruleset.pyView on unpkg

Findings

3 High5 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
HighSandbox Evasion Gated Capabilitydist/index.js
HighPrevious Version Dangerous Deltadist/index.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/advanced-ruleset.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings