Matilda Code - AI-powered coding assistant
Static analysis flagged 28 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package contains a critical-looking secret pattern.
chunks/tree-sitter-bash-5CI7UGKF.jsView on unpkg · L3AWS access key ID in chunks/tree-sitter-bash-5CI7UGKF.js
chunks/tree-sitter-bash-5CI7UGKF.jsView on unpkg · L3Package source references child process execution.
chunks/computer-use-TBIPMY4B.jsView on unpkg · L89Package source references a known benign dynamic code generation pattern.
chunks/serve-2QNRXUS5.jsView on unpkg · L6Package source references dynamic require/import behavior.
chunks/chunk-WBVIRD3S.jsView on unpkg · L6Package source executes code through a VM context API.
chunks/workflow-PQ4HORSJ.jsView on unpkg · L4Package source references weak cryptographic algorithms.
chunks/dist-N66KF4KX.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
chunks/chunk-DY6PIAAY.jsView on unpkg · L7Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
chunks/chunk-DY6PIAAY.jsView on unpkg · L39Source reaches cloud instance metadata or link-local credential endpoints.
chunks/chunk-4J6DC24J.jsView on unpkg · L2Source exposes local file and command tools to a remote model endpoint.
chunks/chunk-HCPW2R5P.jsView on unpkg · L17Package contains source files above the static scanner size ceiling.
chunks/chunk-RZLFMGMX.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
cli.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
chunks/chunk-DY6PIAAY.jsView on unpkg · L2Source writes installer persistence such as shell profile or service configuration.
chunks/chunk-DY6PIAAY.jsView on unpkg · L2Package contains a critical-looking secret pattern.
chunks/tree-sitter-bash-5CI7UGKF.jsView on unpkg · L3AWS access key ID in chunks/tree-sitter-bash-5CI7UGKF.js
chunks/tree-sitter-bash-5CI7UGKF.jsView on unpkg · L3Package source references child process execution.
chunks/computer-use-TBIPMY4B.jsView on unpkg · L89Package source references a known benign dynamic code generation pattern.
chunks/serve-2QNRXUS5.jsView on unpkg · L6A single source file combines environment access, network access, and code or shell execution; review context before blocking.
chunks/chunk-DY6PIAAY.jsView on unpkg · L7Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
chunks/chunk-DY6PIAAY.jsView on unpkg · L39Source reaches cloud instance metadata or link-local credential endpoints.
chunks/chunk-4J6DC24J.jsView on unpkg · L2Source exposes local file and command tools to a remote model endpoint.
chunks/chunk-HCPW2R5P.jsView on unpkg · L17Package contains source files above the static scanner size ceiling.
chunks/chunk-RZLFMGMX.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
cli.jsView on unpkgPackage source references dynamic require/import behavior.
chunks/chunk-WBVIRD3S.jsView on unpkg · L6Package source executes code through a VM context API.
chunks/workflow-PQ4HORSJ.jsView on unpkg · L4Package source references weak cryptographic algorithms.
chunks/dist-N66KF4KX.jsView on unpkg · L2Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
chunks/chunk-DY6PIAAY.jsView on unpkg · L2Source writes installer persistence such as shell profile or service configuration.
chunks/chunk-DY6PIAAY.jsView on unpkg · L2