registry  /  @holt-os/holt  /  0.4.0

@holt-os/holt@0.4.0

An open-source personal agent OS: any LLM, private memory you can see and walk.

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 6 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 32.3 KB of source, external domains: 127.0.0.1, github.com, ollama.com, productsdecoded.com

Source & flagged code

1 flagged · loading source
dist/cli.jsView file
12import readline from "readline"; L13: var on = process.stdout.isTTY && !process.env.NO_COLOR; L14: var wrap = (code) => (s) => on ? `\x1B[${code}m${s}\x1B[0m` : s; ... L38: const ask = (q) => new Promise((resolve) => { L39: if (q) process.stdout.write(q); L40: if (buffer.length) resolve(buffer.shift()); ... L47: // src/workspace.ts L48: var GLOBAL_DIR = join(homedir(), ".holt"); L49: var TRUST_PATH = join(GLOBAL_DIR, "trust.json"); ... L60: try { L61: return JSON.parse(readFileSync(TRUST_PATH, "utf8")); L62: } catch {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/cli.jsView on unpkg · L12

Findings

3 Medium3 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/cli.js
LowScripts Present
LowFilesystem
LowUrl Strings