registry  /  @hybridlabor-api/bdb-antigravity-skills  /  1.0.5

@hybridlabor-api/bdb-antigravity-skills@1.0.5

Optimized Antigravity skills and MCP pack for BDB DEV

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 110 KB of source, external domains: api.apify.com, console.apify.com, prod.spline.design

Source & flagged code

6 flagged · loading source
skills/global_config/playwright-skill/lib/helpers.jsView file
208patternName = generic_password severity = medium line = 208 matchedText = password...rd',
Medium
Secret Pattern

Package contains a possible secret pattern.

skills/global_config/playwright-skill/lib/helpers.jsView on unpkg · L208
skills/global_config/playwright-skill/run.jsView file
12L13: const fs = require('fs'); L14: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

skills/global_config/playwright-skill/run.jsView on unpkg · L12
installer.shView file
path = installer.sh kind = build_helper sizeBytes = 3329 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

installer.shView on unpkg
skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gzView file
path = skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz kind = high_entropy_blob sizeBytes = 19967 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gzView on unpkg
path = skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz kind = compressed_blob sizeBytes = 19967 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gzView on unpkg
skills/global_legacy/playwright-skill/lib/helpers.jsView file
208patternName = generic_password severity = medium line = 208 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in skills/global_legacy/playwright-skill/lib/helpers.js

skills/global_legacy/playwright-skill/lib/helpers.jsView on unpkg · L208

Findings

1 High8 Medium4 Low
HighShips High Entropy Blobskills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz
MediumSecret Patternskills/global_config/playwright-skill/lib/helpers.js
MediumDynamic Requireskills/global_config/playwright-skill/run.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperinstaller.sh
MediumShips Compressed Blobskills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/global_legacy/playwright-skill/lib/helpers.js
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings