registry  /  @loredotlink/sdk  /  0.1.16

@loredotlink/sdk@0.1.16

Lore SDK — upload agent sessions to Lore from your own apps and plugins

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 647 KB of source, external domains: json-schema.org

Source & flagged code

4 flagged · loading source
dist/index.jsView file
65L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(r===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let n=Object.entries(i).map(([o,s])=>`${o}=${IR(s)}`).join(" ");return n?`${a} ${n}
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L65
65L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(r===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let n=Object.entries(i).map(([o,s])=>`${o}=${IR(s)}`).join(" ");return n?`${a} ${n}
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L65
63L64: `)}g.write("payload.value = newResult;"),g.write("return payload;");let Yt=g.compile();return(Te,V)=>Yt(y,Te,V)},o,s=Ot,c=!At.jitless,d=c&&Na.value,p=r.catchall,f;e._zod.parse=(y,g... L65: L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(r===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let n=Object.entries(i).map(([o,s])=>`${o}=${IR(s)}`).join(" ");return n?`${a} ${n} L68: `:`${a} L69: `}function vp(e,r,i){try{let a=zR(e,r,i);$R(),gy(v_(),a,TR),Be()==="dev"&&jR(a)}catch{}PR(e,r,i)}function jR(e){if(!k_)try{S_.writeSync(process.stderr.fd,e)}catch{k_=!0}}function P... L70: `);for(let n=0;n<a.length;n+=1){let o=a[n]?.trim();if(!o)continue;let s;try{s=JSON.parse(o)}catch(c){w_({historyPath:r,lineNumber:n+1,line:o,reason:"unparseable_json",error:c});con...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L63
1import { createRequire } from 'node:module';const require = createRequire(import.meta.url); L2: var pb=Object.defineProperty;var Ce=(e,r)=>{for(var i in r)pb(e,i,{get:r[i],enumerable:!0})};var Qt="team_credit_2026_06";var _a=Object.freeze({[Qt]:{planVersion:Qt,grantPerSeatMil... L3: `)}var dr=e=>(r,i,a,n)=>{let o=a?{...a,async:!1}:{async:!1},s=r._zod.run({value:i,issues:[]},o);if(s instanceof Promise)throw new Ee;if(s.issues.length){let c=new(n?.Err??e)(s.issu... ... L65: L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(r===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let n=Object.entries(i).map(([o,s])=>`${o}=${IR(s)}`).join(" ");return n?`${a} ${n} L68: `:`${a} L69: `}function vp(e,r,i){try{let a=zR(e,r,i);$R(),gy(v_(),a,TR),Be()==="dev"&&jR(a)}catch{}PR(e,r,i)}function jR(e){if(!k_)try{S_.writeSync(process.stderr.fd,e)}catch{k_=!0}}function P... L70: `);for(let n=0;n<a.length;n+=1){let o=a[n]?.trim();if(!o)continue;let s;try{s=JSON.parse(o)}catch(c){w_({historyPath:r,lineNumber:n+1,line:o,reason:"unparseable_json",error:c});con... L71: `)){let a=i.trim();if(!a||a.startsWith("
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L1

Findings

3 High3 Medium7 Low
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License