registry  /  @inorainllc/wellyon  /  0.2.0

@inorainllc/wellyon@0.2.0

Wellyon server monitoring agent — streams host metrics and database statistics to your Wellyon server widget. DB credentials never leave your server.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 13 file(s), 69.7 KB of source, external domains: api.wellyon.ai

Source & flagged code

1 flagged · loading source
dist/cli.jsView file
34async function init() { L35: const rl = readline_1.default.createInterface({ input: process.stdin, output: process.stdout }); L36: console.log(`\nWellyon server agent setup\n${'-'.repeat(30)}`); L37: const endpoint = await ask(rl, 'Wellyon API endpoint', process.env.WELLYON_ENDPOINT || 'https://api.wellyon.ai'); L38: const pairingToken = await ask(rl, 'Pairing token (from the dashboard, starts with wsa_)', process.env.WELLYON_PAIRING_TOKEN || ''); L39: const serverName = await ask(rl, 'Server name', os_1.default.hostname()); L40: const databases = [];
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli.jsView on unpkg · L34

Findings

1 High2 Medium4 Low
HighSandbox Evasion Gated Capabilitydist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings