registry  /  @holt-os/holt  /  0.2.0

@holt-os/holt@0.2.0

An open-source personal agent OS: any LLM, private memory you can see and walk.

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 5 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 20.4 KB of source, external domains: github.com, productsdecoded.com

Source & flagged code

1 flagged · loading source
dist/cli.jsView file
12import readline from "readline"; L13: var on = process.stdout.isTTY && !process.env.NO_COLOR; L14: var wrap = (code) => (s) => on ? `\x1B[${code}m${s}\x1B[0m` : s; ... L38: const ask = (q) => new Promise((resolve) => { L39: if (q) process.stdout.write(q); L40: if (buffer.length) resolve(buffer.shift()); ... L47: // src/workspace.ts L48: var GLOBAL_DIR = join(homedir(), ".holt"); L49: var TRUST_PATH = join(GLOBAL_DIR, "trust.json"); ... L60: try { L61: return JSON.parse(readFileSync(TRUST_PATH, "utf8")); L62: } catch {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L12

Findings

2 Medium3 Low
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
LowScripts Present
LowFilesystem
LowUrl Strings