registry  /  @hybridaione/hybridclaw  /  0.27.0

@hybridaione/hybridclaw@0.27.0

⚠ Under review

Enterprise-ready self-hosted AI assistant runtime with sandboxed execution, secure credentials, approvals, and memory

Static Scan Results

scanned 5h ago · by rust-scanner

Static analysis flagged 24 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 898 file(s), 12.0 MB of source, external domains: 127.0.0.1, 192.0.2.10, 192.0.2.30, 192.168.178.40, accounts.google.com, alexa.amazon.com, alexa.amazon.com.au, analyticsdata.googleapis.com, api-enterprise-dashboard.otc-service.com, api.airtable.com, api.amazon.com, api.anthropic.com, api.assemblyai.com, api.bfl.ai, api.botframework.com, api.browser-use.com, api.deepgram.com, api.deepseek.com, api.firecrawl.dev, api.github.com, api.groq.com, api.hetzner.cloud, api.hetzner.com, api.heygen.com, api.hubapi.com, api.kilo.ai, api.kilocode.ai, api.kimi.com, api.lexware.io, api.meethue.com, api.minimax.io, api.miro.com, api.mistral.ai, api.mittwald.de, api.moonshot.ai, api.oauth.blink.com, api.openai.com, api.perplexity.ai, api.search.brave.com, api.solarweb.com, api.stripe.com, api.tavily.com, api.telegram.org, api.twilio.com, api.x.ai, api.xiaomimimo.com, api.z.ai, app.hubspot.com, apps.datev.de, auth.openai.com

Source & flagged code

13 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall-container.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/cli/channels-command.jsView file
811patternName = generic_password severity = medium line = 811 matchedText = password...ull;
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/cli/channels-command.jsView on unpkg · L811
1094patternName = generic_password severity = medium line = 1094 matchedText = password...ull;
Medium
Secret Pattern

Hardcoded password in dist/cli/channels-command.js

dist/cli/channels-command.jsView on unpkg · L1094
infra/managed-browser/server.jsView file
1import { spawn } from 'node:child_process'; L2: import { createHmac, randomUUID, timingSafeEqual } from 'node:crypto';
High
Child Process

Package source references child process execution.

infra/managed-browser/server.jsView on unpkg · L1
dist/evals/eval-command.jsView file
511return { L512: command: process.env.ComSpec || 'cmd.exe', L513: args: ['/d', '/s', '/c'],
High
Shell

Package source references shell execution.

dist/evals/eval-command.jsView on unpkg · L511
dist/skills/skills-guard.jsView file
772category: 'obfuscation', L773: description: 'eval() with string argument', L774: },
High
Eval

Package source references dynamic code evaluation.

dist/skills/skills-guard.jsView on unpkg · L772
dist/plugins/plugin-manager.jsView file
474async function stripPluginTypeScript(source) { L475: const { transformSync } = await import('amaro'); L476: return transformSync(source, { mode: 'strip-only' }).code;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/plugins/plugin-manager.jsView on unpkg · L474
dist/evals/locomo-native.jsView file
14const LOCOMO_DATASET_COMMIT = '[redacted]'; L15: const LOCOMO_DATASET_URL = `https://raw.githubusercontent.com/snap-research/locomo/${LOCOMO_DATASET_COMMIT}/data/locomo10.json`; L16: const LOCOMO_DATASET_SHA256 = '[redacted]'; ... L297: } L298: const rawBuffer = Buffer.from(await response.arrayBuffer()); L299: verifyDownloadedDataset(rawBuffer); ... L1507: function readGatewayRuntime() { L1508: const baseUrl = String(process.env.OPENAI_BASE_URL || DEFAULT_OPENAI_BASE_URL) L1509: .trim() ... L1929: scope: 'episodic', L1930: metadata: { L1931: sampleId: params.sample.sample_id,
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/evals/locomo-native.jsView on unpkg · L14
dist/tunnel/cloudflare-tunnel-provider.jsView file
18function defaultProcessRunner(command) { L19: return (args, options) => spawn(command, args, { L20: env: options?.env ? { ...process.env, ...options.env } : process.env, L21: stdio: ['ignore', 'pipe', 'pipe'], ... L28: return trimmed.replace(/\/$/, ''); L29: return `http://${trimmed.replace(/\/$/, '')}`; L30: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/tunnel/cloudflare-tunnel-provider.jsView on unpkg · L18
dist/channels/discord-webhook/delivery.jsView file
76try { L77: const body = (await response.clone().json()); L78: const bodySeconds = Number(body.retry_after); ... L90: try { L91: response = await fetch(params.webhookUrl, { L92: method: 'POST', ... L95: }, L96: body: JSON.stringify(params.payload), L97: signal: params.signal,
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/channels/discord-webhook/delivery.jsView on unpkg · L76
skills/alexa/alexa-auth.cjsView file
3L4: const { spawn, spawnSync } = require('node:child_process'); L5: const fs = require('node:fs'); L6: const net = require('node:net'); L7: const os = require('node:os'); ... L18: function fail(message, code = 2) { L19: process.stderr.write(`${message}\n`); L20: process.exit(code);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

skills/alexa/alexa-auth.cjsView on unpkg · L3
community-skills/meme-generation/scripts/generate_meme.pyView file
path = community-skills/meme-generation/scripts/generate_meme.py kind = build_helper sizeBytes = 26992 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

community-skills/meme-generation/scripts/generate_meme.pyView on unpkg
skills/blink/blink.cjsView file
72patternName = generic_password severity = medium line = 72 matchedText = password...RD',
Medium
Secret Pattern

Hardcoded password in skills/blink/blink.cjs

skills/blink/blink.cjsView on unpkg · L72

Findings

1 Critical6 High8 Medium9 Low
CriticalCredential Exfiltrationdist/channels/discord-webhook/delivery.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinfra/managed-browser/server.js
HighShelldist/evals/eval-command.js
HighEvaldist/skills/skills-guard.js
HighSame File Env Network Executiondist/tunnel/cloudflare-tunnel-provider.js
HighCommand Output Exfiltrationskills/alexa/alexa-auth.cjs
MediumSecret Patterndist/cli/channels-command.js
MediumDynamic Requiredist/plugins/plugin-manager.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpercommunity-skills/meme-generation/scripts/generate_meme.py
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/cli/channels-command.js
MediumSecret Patternskills/blink/blink.cjs
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/evals/locomo-native.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License