registry  /  @loredotlink/sdk  /  0.1.8

@loredotlink/sdk@0.1.8

Lore SDK — upload agent sessions to Lore from your own apps and plugins

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 609 KB of source, external domains: json-schema.org

Source & flagged code

4 flagged · loading source
dist/index.jsView file
65L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(t===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let r=Object.entries(i).map(([o,s])=>`${o}=${Xz(s)}`).join(" ");return r?`${a} ${r}
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L65
65L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(t===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let r=Object.entries(i).map(([o,s])=>`${o}=${Xz(s)}`).join(" ");return r?`${a} ${r}
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L65
63L64: `)}h.write("payload.value = newResult;"),h.write("return payload;");let Kt=h.compile();return(ke,G)=>Kt(y,ke,G)},o,s=Et,c=!Pt.jitless,d=c&&ja.value,p=t.catchall,f;e._zod.parse=(y,h... L65: L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(t===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let r=Object.entries(i).map(([o,s])=>`${o}=${Xz(s)}`).join(" ");return r?`${a} ${r} L68: `:`${a} L69: `}function ip(e,t,i){try{let a=ej(e,t,i);Qz(),Zh(qy(),a,Yz),Ze()==="dev"&&tj(a)}catch{}rj(e,t,i)}function tj(e){if(!Jy)try{Ky.writeSync(process.stderr.fd,e)}catch{Jy=!0}}function r... L70: `);for(let r=0;r<a.length;r+=1){let o=a[r]?.trim();if(!o)continue;let s;try{s=JSON.parse(o)}catch(c){Wy({historyPath:t,lineNumber:r+1,line:o,reason:"unparseable_json",error:c});con...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L63
1import { createRequire } from 'node:module';const require = createRequire(import.meta.url); L2: var D_=Object.defineProperty;var Ae=(e,t)=>{for(var i in t)D_(e,i,{get:t[i],enumerable:!0})};var Wt="team_credit_2026_06";var la=Object.freeze({[Wt]:{planVersion:Wt,grantPerSeatMil... L3: `)}var sr=e=>(t,i,a,r)=>{let o=a?{...a,async:!1}:{async:!1},s=t._zod.run({value:i,issues:[]},o);if(s instanceof Promise)throw new ze;if(s.issues.length){let c=new(r?.Err??e)(s.issu... ... L65: L66: Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let s of e.seen.entries()){let c=s[1];if(t===s[0]){o(s);continue}if(e.external){let d=e.exter... L67: `;let r=Object.entries(i).map(([o,s])=>`${o}=${Xz(s)}`).join(" ");return r?`${a} ${r} L68: `:`${a} L69: `}function ip(e,t,i){try{let a=ej(e,t,i);Qz(),Zh(qy(),a,Yz),Ze()==="dev"&&tj(a)}catch{}rj(e,t,i)}function tj(e){if(!Jy)try{Ky.writeSync(process.stderr.fd,e)}catch{Jy=!0}}function r... L70: `);for(let r=0;r<a.length;r+=1){let o=a[r]?.trim();if(!o)continue;let s;try{s=JSON.parse(o)}catch(c){Wy({historyPath:t,lineNumber:r+1,line:o,reason:"unparseable_json",error:c});con... L71: `)){let a=i.trim();if(!a||a.startsWith("
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L1

Findings

3 High3 Medium7 Low
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/index.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License