registry  /  @kunworlds/novel-cli  /  0.1.0

@kunworlds/novel-cli@0.1.0

Agent-first diagnostics CLI for the Jujing Novel creation system

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 40.4 KB of source, external domains: novel.kunworlds.com

Source & flagged code

1 flagged · loading source
dist/index.jsView file
11import { mkdir, readFile, rename, writeFile } from "fs/promises"; L12: import { execFile } from "child_process"; L13: import { homedir } from "os"; ... L17: var KEYCHAIN_SERVICE = "jujing-novel-cli"; L18: var DEFAULT_API_ORIGIN = "https://novel.kunworlds.com"; L19: function resolveApiOrigin(options) { ... L23: var defaultConfig = { schema_version: 1, profiles: {} }; L24: function profileConfigPath(environment = process.env) { L25: if (process.platform === "win32") return join(environment.APPDATA || join(homedir(), "AppData", "Roaming"), "jujing-novel", "config.json"); L26: if (process.platform === "darwin") return join(homedir(), "Library", "Application Support", "jujing-novel", "config.json"); ... L30: try { L31: const value = JSON.parse(await readFile(configPath, "utf8"));
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L11

Findings

1 High2 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License