registry  /  @madarco/agentbox  /  0.21.0

@madarco/agentbox@0.21.0

Launch Claude Code, Codex, and other coding agents in isolated sandboxes

Static Scan Results

scanned 11d ago · by rust-scanner

Static analysis flagged 16 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 27 file(s), 5.68 MB of source, external domains: 127.0.0.1, api.hetzner.cloud, api.ipify.org, api.vercel.com, app.daytona.io, cli.github.com, console.hetzner.cloud, developers.notion.com, docs.docker.com, e2b.dev, github.com, herdr.dev, host.docker.internal, icanhazip.com, ifconfig.io, vercel.com

Source & flagged code

9 flagged · loading source
dist/chunk-IXQTUXWV.jsView file
30} from "@daytonaio/sdk"; L31: import { spawnSync } from "child_process"; L32: import {
High
Child Process

Package source references child process execution.

dist/chunk-IXQTUXWV.jsView on unpkg · L30
dist/chunk-QKL7PCXQ.jsView file
68import { dirname as dirname2, join } from "path"; L69: import { execa } from "execa"; L70: import { mkdir as mkdir2, readFile, readdir, rm as rm2, writeFile as writeFile3 } from "fs/promises";
High
Shell

Package source references shell execution.

dist/chunk-QKL7PCXQ.jsView on unpkg · L68
runtime/docker/packages/ctl/dist/bin.cjsView file
11}; L12: var __commonJS = (cb, mod) => function __require() { L13: return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

runtime/docker/packages/ctl/dist/bin.cjsView on unpkg · L11
dist/chunk-YZVFGFYQ.jsView file
33Cross-file remote execution chain: dist/chunk-YZVFGFYQ.js spawns dist/index.js; helper contains network access plus dynamic code execution. L33: import { homedir as homedir12 } from "os"; L34: import { basename as basename6, join as join13, resolve as resolve4 } from "path"; L35: import { execa as execa16 } from "execa"; L36: ... L51: String(r.restarts), L52: r.lastExitCode === null ? "-" : String(r.lastExitCode), L53: r.blockedOn.length === 0 ? "-" : r.blockedOn.join(","), ... L1646: } L1647: var STATE_DIR2 = join(homedir(), ".agentbox"); L1648: var GLOBAL_CONFIG_FILE = join(STATE_DIR2, "config.yaml"); ... L1771: function mergeLayers(input) { L1772: const effective = JSON.parse(JSON.stringify(BUILT_IN_DEFAULTS));
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/chunk-YZVFGFYQ.jsView on unpkg · L33
33import { homedir as homedir12 } from "os"; L34: import { basename as basename6, join as join13, resolve as resolve4 } from "path"; L35: import { execa as execa16 } from "execa"; L36: ... L51: String(r.restarts), L52: r.lastExitCode === null ? "-" : String(r.lastExitCode), L53: r.blockedOn.length === 0 ? "-" : r.blockedOn.join(","), ... L1646: } L1647: var STATE_DIR2 = join(homedir(), ".agentbox"); L1648: var GLOBAL_CONFIG_FILE = join(STATE_DIR2, "config.yaml"); ... L1771: function mergeLayers(input) { L1772: const effective = JSON.parse(JSON.stringify(BUILT_IN_DEFAULTS));
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/chunk-YZVFGFYQ.jsView on unpkg · L33
33import { homedir as homedir12 } from "os"; L34: import { basename as basename6, join as join13, resolve as resolve4 } from "path"; L35: import { execa as execa16 } from "execa"; L36: ... L51: String(r.restarts), L52: r.lastExitCode === null ? "-" : String(r.lastExitCode), L53: r.blockedOn.length === 0 ? "-" : r.blockedOn.join(","), ... L1646: } L1647: var STATE_DIR2 = join(homedir(), ".agentbox"); L1648: var GLOBAL_CONFIG_FILE = join(STATE_DIR2, "config.yaml"); ... L1771: function mergeLayers(input) { L1772: const effective = JSON.parse(JSON.stringify(BUILT_IN_DEFAULTS));
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-YZVFGFYQ.jsView on unpkg · L33
dist/chunk-PX7G4PSI.jsView file
233// src/terminal/host.ts L234: import { spawn } from "child_process"; L235: L236: // src/terminal/herdr-socket.ts L237: import net from "net"; L238: function herdrSocketPath(env = process.env) { L239: const sock = env["HERDR_SOCKET_PATH"];
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/chunk-PX7G4PSI.jsView on unpkg · L233
dist/chunk-KTEDFUKM.jsView file
106try { L107: const r = await execa(bin, ["--version"], { reject: false }); L108: if (r.exitCode === 0) { ... L121: function installSbxHint() { L122: return "npm install -g sandbox"; L123: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/chunk-KTEDFUKM.jsView on unpkg · L106
runtime/vercel/scripts/provision.shView file
path = [redacted].sh kind = build_helper sizeBytes = 20752 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

runtime/vercel/scripts/provision.shView on unpkg

Findings

5 High6 Medium5 Low
HighChild Processdist/chunk-IXQTUXWV.js
HighShelldist/chunk-QKL7PCXQ.js
HighSame File Env Network Executiondist/chunk-PX7G4PSI.js
HighCross File Remote Execution Contextdist/chunk-YZVFGFYQ.js
HighRuntime Package Installdist/chunk-KTEDFUKM.js
MediumDynamic Requireruntime/docker/packages/ctl/dist/bin.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/chunk-YZVFGFYQ.js
MediumShips Build Helperruntime/vercel/scripts/provision.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptodist/chunk-YZVFGFYQ.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings