registry  /  @itonskie/argus  /  0.1.2

@itonskie/argus@0.1.2

Keyboard-first TUI for inspecting and exercising MCP servers over stdio.

Static Scan Results

scanned 12h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 962 KB of source, external domains: github.com, json-schema.org, raw.githubusercontent.com, react.dev

Source & flagged code

4 flagged · loading source
dist/argus.jsView file
11`)s&&(r+=zv("")),r+=gH(a);else if(E===` L12: `){let B=[...a];pH(d.slice(m+1),B),r+=mH(B),s&&(r+=zv(s))}m+=E.length}return r}});import Gs from"process";import{execFileSync as BH}from"child_process";import qc from"fs";import yH... L13: at`)?" (<anonymous>)":-1<A.stack.indexOf("@")?"@unknown:0:0":""}return`
High
Child Process

Package source references child process execution.

dist/argus.jsView on unpkg · L11
11`)s&&(r+=zv("")),r+=gH(a);else if(E===` L12: `){let B=[...a];pH(d.slice(m+1),B),r+=mH(B),s&&(r+=zv(s))}m+=E.length}return r}});import Gs from"process";import{execFileSync as BH}from"child_process";import qc from"fs";import yH... L13: at`)?" (<anonymous>)":-1<A.stack.indexOf("@")?"@unknown:0:0":""}return` ... L24: `))t=Math.max(t,Cn(n));return t}var Xh=b(()=>{"use strict";Zc()});var Cx,vH,eE,Bx=b(()=>{"use strict";Xh();Cx=new Map,vH=e=>{if(e.length===0)return{width:0,height:0};let t=Cx.get(e... L25: `).length,s={width:n,height:r};return Cx.set(e,s),s},eE=vH});function cA(e){return Number.isInteger(e)?Hc(e)||Pc(e):!1}var tE=b(()=>{"use strict";zh()});function eP(e){return e>=TH... L26: `).join(`\r
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/argus.jsView on unpkg · L11
3const require = __createRequire(import.meta.url); L4: var DG=Object.create;var Ah=Object.defineProperty;var RG=Object.getOwnPropertyDescriptor;var NG=Object.getOwnPropertyNames;var kG=Object.getPrototypeOf,TG=Object.prototype.hasOwnPr... L5: `+w.replace(/^Error(:[^\n]*)?\n/,""))});return v.prototype=Object.create(y.prototype),v.prototype.constructor=v,v.prototype.toString=function(){return this.message===void 0?this.na... ... L11: `)s&&(r+=zv("")),r+=gH(a);else if(E===` L12: `){let B=[...a];pH(d.slice(m+1),B),r+=mH(B),s&&(r+=zv(s))}m+=E.length}return r}});import Gs from"process";import{execFileSync as BH}from"child_process";import qc from"fs";import yH... L13: at`)?" (<anonymous>)":-1<A.stack.indexOf("@")?"@unknown:0:0":""}return`
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/argus.jsView on unpkg · L3
dist/test-server-fixture.jsView file
7|| (${i} === "string" && ${n} && ${n} == +${n} && !(${n} % 1))`).assign(a,(0,I._)`+${n}`);return;case"boolean":o.elseIf((0,I._)`${n} === "false" || ${n} === 0 || ${n} === null`).as... L8: || ${i} === "boolean" || ${n} === null`).assign(a,(0,I._)`[${n}]`)}}}function Ev({gen:t,parentData:e,parentDataProperty:r},o){t.if((0,I._)`${e} !== undefined`,()=>t.assign((0,I._)`... L9: missingProperty: ${o},
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/test-server-fixture.jsView on unpkg · L7

Findings

3 High3 Medium6 Low
HighChild Processdist/argus.js
HighSame File Env Network Executiondist/argus.js
HighCommand Output Exfiltrationdist/argus.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/test-server-fixture.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings