registry  /  @hybridlabor-api/bdb-antigravity-skills  /  1.1.5

@hybridlabor-api/bdb-antigravity-skills@1.1.5

Optimized Antigravity skills and MCP pack for BDB DEV

Static Scan Results

scanned 14h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 20 file(s), 127 KB of source, external domains: api.apify.com, console.apify.com, prod.spline.design

Source & flagged code

6 flagged · loading source
skills/global_config/playwright-skill/lib/helpers.jsView file
208patternName = generic_password severity = medium line = 208 matchedText = password...rd',
Medium
Secret Pattern

Package contains a possible secret pattern.

skills/global_config/playwright-skill/lib/helpers.jsView on unpkg · L208
mcps/adobe_uxp_mcp/plugins/photoshop/index.jsView file
1const { app, core } = require("photoshop"); L2:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

mcps/adobe_uxp_mcp/plugins/photoshop/index.jsView on unpkg · L1
mcps/bdb_davinci_mcp/bdb_davinci_mcp/__init__.pyView file
path = mcps/bdb_davinci_mcp/bdb_davinci_mcp/__init__.py kind = build_helper sizeBytes = 0
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

mcps/bdb_davinci_mcp/bdb_davinci_mcp/__init__.pyView on unpkg
skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gzView file
path = skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz kind = high_entropy_blob sizeBytes = 19967 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gzView on unpkg
path = skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz kind = compressed_blob sizeBytes = 19967 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

skills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gzView on unpkg
skills/global_legacy/playwright-skill/lib/helpers.jsView file
208patternName = generic_password severity = medium line = 208 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in skills/global_legacy/playwright-skill/lib/helpers.js

skills/global_legacy/playwright-skill/lib/helpers.jsView on unpkg · L208

Findings

1 High8 Medium4 Low
HighShips High Entropy Blobskills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz
MediumSecret Patternskills/global_config/playwright-skill/lib/helpers.js
MediumDynamic Requiremcps/adobe_uxp_mcp/plugins/photoshop/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpermcps/bdb_davinci_mcp/bdb_davinci_mcp/__init__.py
MediumShips Compressed Blobskills/global_config/web-artifacts-builder/scripts/shadcn-components.tar.gz
MediumStructural Risk Force Deep Review
MediumSecret Patternskills/global_legacy/playwright-skill/lib/helpers.js
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings