registry  /  @lawrencehui/citio  /  0.3.0

@lawrencehui/citio@0.3.0

Self-hosted AI coding agents that live in Slack — run Claude Code or Codex in your own infra, ship PRs, and keep every credential behind a controlled MCP tool layer.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 19 file(s), 200 KB of source, external domains: api.github.com, api.slack.com, auth.openai.com, awscli.amazonaws.com, example.com, get.docker.com, git-scm.com, github.com, slack.com, www.docker.com

Source & flagged code

4 flagged · loading source
dist/core/agent-runner.jsView file
1import { spawn } from "child_process"; L2: import { writeFileSync, mkdirSync, existsSync } from "fs";
High
Child Process

Package source references child process execution.

dist/core/agent-runner.jsView on unpkg · L1
dist/index.jsView file
51hasAuthFile: fs.existsSync(authPath), L52: hasApiKey: Boolean(process.env.OPENAI_API_KEY), L53: })); ... L64: console.log(JSON.stringify({ type: "token_refresh", status: "refreshing" })); L65: const { execSync: ex } = await import("child_process"); L66: const resp = ex(`curl -s -X POST "https://auth.openai.com/oauth/token" -H "Content-Type: application/json" -d '{"grant_type":"refresh_token","refresh_token":"${refreshToken}","clie... L67: const fresh = JSON.parse(resp);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L51
dist/cli/init.jsView file
3import pc from "picocolors"; L4: import { execSync, execFileSync } from "child_process"; L5: import { writeFileSync, readFileSync, existsSync, chmodSync, unlinkSync } from "fs"; ... L57: docker: "docker — runs the container build\n" + L58: " macOS/Windows: install Docker Desktop → https://www.docker.com/products/docker-desktop/\n" + L59: " Linux: curl -fsSL https://get.docker.com | sh\n" + ... L105: }); L106: const identity = JSON.parse(identityJson); L107: p.log.success(`AWS credentials verified — deploying to account ${identity.Account}` + ... L140: void homeDir; L141: if (process.env.CLAUDE_CODE_OAUTH_TOKEN) { L142: if (validateClaudeOauthToken(process.env.CLAUDE_CODE_OAUTH_TOKEN)) {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/cli/init.jsView on unpkg · L3
dist/core/skills.jsView file
1import { execSync } from "child_process"; L2: import { cpSync, existsSync, mkdirSync, mkdtempSync, rmSync } from "fs"; ... L5: // Curated for Citio's job (investigate bugs, read logs, fix code, open PRs). L6: // Every install command below is verified working with `npx skills add`. L7: export const SKILL_REGISTRY = {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/core/skills.jsView on unpkg · L1

Findings

5 High3 Medium5 Low
HighChild Processdist/core/agent-runner.js
HighShell
HighSame File Env Network Executiondist/index.js
HighSandbox Evasion Gated Capabilitydist/cli/init.js
HighRuntime Package Installdist/core/skills.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings