registry  /  @hydra-acp/cli  /  0.1.97

@hydra-acp/cli@0.1.97

Multi-client ACP session daemon: spawn agents, attach over WSS, multiplex sessions across editors.

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 18 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 1022 KB of source, external domains: 127.0.0.1, cdn.agentclientprotocol.com

Source & flagged code

9 flagged · loading source
dist/cli.jsView file
188package = @hydra-acp/cli; repositoryIdentity = hydra-acp; dependency = update-notifier L188: `),i({exitCode:-1})}})}function $C(t){if(typeof t!="object"||t===null)return!1;let e=t;return e.kind==="terminal"&&typeof e.command=="string"&&Array.isArray(e.args)}async function ... L189: `)}}});function uw(t,e){let n=t&&typeof t=="object"?t.options:void 0;if(Array.isArray(n)){for(let i of e){let o=n.find(a=>typeof a=="object"&&a!==null&&a.kind===i&&typeof a.optionI... L190: `).length;if(this.collapsePastes&&n>10){let s=this.nextPasteId++;this.pastes.set(s,e.text),this.insertText(JR(s,n))}else this.insertText(e.text);return[]}return e.type==="attachmen...
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/cli.jsView on unpkg · L188
1Cross-file remote execution chain: dist/cli.js spawns dist/index.js; helper contains network access plus dynamic code execution. L1: #!/usr/bin/env node L2: var hv=Object.defineProperty;var J=(t,e)=>()=>(t&&(e=t(t=0)),e);var Zc=(t,e)=>{for(var n in e)hv(t,n,{get:e[n],enumerable:!0})};import*as we from"path";import*as tl from"os";functi... L3: `,{encoding:"utf8",mode:384})}async function Ro(){let t=await fi();if(t)return t;let e=ui();return await pi(e),process.stderr.write(`hydra-acp: initialized ${_.authToken()} with a ... L4: `),e}var ps=J(()=>{"use strict";he()});import*as Ct from"fs/promises";import*as pp from"fs";import*as En from"path";import{randomBytes as Sv}from"crypto";async function Xt(t,e,n={}... L5: `;await kv(t,r,n)}async function kv(t,e,n={}){let s=await Iv(t),r=xv(s);await Ct.mkdir(r,{recursive:!0});let i=`${s}.tmp-${process.pid}-${Av()}`;try{let o={encoding:"utf8"};n.mode!... L6: `)}async function be(){return await Ua(),sl.parse(await Ha())}async function hs(t){await Ua();let e=await Ha();t(e),sl.parse(e),await Xt(_.config(),e,{mode:384})}async function To(... L7: `),o(),e(i);return}if(l===3){o(),n(new Error("password entry cancelled"));return}if(l===127||l===8){i=…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli.jsView on unpkg · L1
427patternName = generic_password severity = medium line = 427 matchedText = `),proce...ord.
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/cli.jsView on unpkg · L427
428patternName = generic_password severity = medium line = 428 matchedText = `),proce...pty.
Medium
Secret Pattern

Hardcoded password in dist/cli.js

dist/cli.jsView on unpkg · L428
429patternName = generic_password severity = medium line = 429 matchedText = `),proce...tch.
Medium
Secret Pattern

Hardcoded password in dist/cli.js

dist/cli.jsView on unpkg · L429
dist/index.jsView file
4`;await _i(n,r,t)}async function _i(n,e,t={}){let s=await $i(n),r=Fi(s);await Q.mkdir(r,{recursive:!0});let o=`${s}.tmp-${process.pid}-${Oi()}`;try{let i={encoding:"utf8"};t.mode!=... L5: `)}async function Us(){return await Ji(),Os.parse(await js())}async function Wi(n){await ae(I.config(),n,{mode:384})}function Qi(){return Os.parse({})}function Y(n){return n==="~"|... L6: `)};function An(n){Fe=n??(e=>process.stderr.write(e+`
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L4
1import*as Si from"fs";import*as nt from"fs/promises";import*as ki from"net";import*as Ai from"tls";import Vu from"fastify";import Ku from"@fastify/websocket";var Rs="acp.v1";functi... L2: `,{encoding:"utf8",mode:384})}async function Pi(){let n=await Ps();if(n)return n;let e=Rt();return await yn(e),process.stderr.write(`hydra-acp: initialized ${I.authToken()} with a ... ... L4: `;await _i(n,r,t)}async function _i(n,e,t={}){let s=await $i(n),r=Fi(s);await Q.mkdir(r,{recursive:!0});let o=`${s}.tmp-${process.pid}-${Oi()}`;try{let i={encoding:"utf8"};t.mode!=... L5: `)}async function Us(){return await Ji(),Os.parse(await js())}async function Wi(n){await ae(I.config(),n,{mode:384})}function Qi(){return Os.parse({})}function Y(n){return n==="~"|... L6: `)};function An(n){Fe=n??(e=>process.stderr.write(e+`
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L1
1import*as Si from"fs";import*as nt from"fs/promises";import*as ki from"net";import*as Ai from"tls";import Vu from"fastify";import Ku from"@fastify/websocket";var Rs="acp.v1";functi... L2: `,{encoding:"utf8",mode:384})}async function Pi(){let n=await Ps();if(n)return n;let e=Rt();return await yn(e),process.stderr.write(`hydra-acp: initialized ${I.authToken()} with a ... L3: `),e}import*as Q from"fs/promises";import*as Ts from"fs";import*as ie from"path";import{randomBytes as Ti}from"crypto";async function ae(n,e,t={}){let r=(t.pretty??!0?JSON.stringif... L4: `;await _i(n,r,t)}async function _i(n,e,t={}){let s=await $i(n),r=Fi(s);await Q.mkdir(r,{recursive:!0});let o=`${s}.tmp-${process.pid}-${Oi()}`;try{let i={encoding:"utf8"};t.mode!=... L5: `)}async function Us(){return await Ji(),Os.parse(await js())}async function Wi(n){await ae(I.config(),n,{mode:384})}function Qi(){return Os.parse({})}function Y(n){return n==="~"|... L6: `)};function An(n){Fe=n??(e=>process.stderr.write(e+`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L1
73`)),{stopReason:"end_turn"}}runUncompactCommand(){return this.enqueuePrompt(()=>this.runUncompactCommandInline())}async runUncompactCommandInline(){if(!this.uncompactHook)return th... L74: `)}async seedFromImport(){await this.enqueuePrompt(async()=>{let e=await this.buildSwitchTranscript(this.agentId,{intro:"You are continuing a conversation that was imported from an... L75: `)&&t.startsWith("/")?t.split(/\s+/)[0]:"";if(s==="/model"||s==="/mode"||s==="/sessions"||s==="/help"||s==="/hydra"||s==="/compact"){let o;if(s==="/sessions")o=await this.handleSes...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L73

Findings

5 High7 Medium6 Low
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
HighCopied Package Dependency Bridgedist/cli.js
HighCross File Remote Execution Contextdist/cli.js
MediumSecret Patterndist/cli.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/cli.js
MediumSecret Patterndist/cli.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings