
@intrect/openswarm@0.17.2

⚠ Under review

Autonomous AI agent orchestrator — Claude, GPT, Codex, and local models (Ollama/LMStudio/llama.cpp)

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 216 file(s), 2.01 MB of source, external domains: 127.0.0.1, api.cryptoquant.com, api.linear.app, api.openai.com, api.search.brave.com, api.tavily.com, api.telegram.org, auth.openai.com, chatgpt.com, github.com, html.duckduckgo.com, linear.app, mcp.linear.app, openrouter.ai, registry.npmjs.org, telemetry.intrect.io

Source & flagged code

3 flagged

dist/registry/bsDetector.js
L118: category: 'security',
L119: message: 'eval() 사용 — 코드 인젝션 위험',
L120: pattern: /\beval\s*\(/,
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/registry/bsDetector.js · L118

dist/cli/doctorHandler.js
L50: try {
L51: await import(mod);
L52: line('ok', `native: ${mod}`, 'loads');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli/doctorHandler.js · L50

dist/adapters/tools.js
matchType = previous_version_dangerous_delta
matchedPackage = @intrect/openswarm@0.11.0
matchedIdentity = npm:QGludHJlY3Qvb3BlbnN3YXJt:0.11.0
similarity = 0.467
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/adapters/tools.js

Findings

1 Critical · 3 Medium · 5 Low
Critical · Previous Version Dangerous Delta · dist/adapters/tools.js
Medium · Dynamic Require · dist/cli/doctorHandler.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Eval · dist/registry/bsDetector.js
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings