registry  /  @meffecta/quorum  /  0.3.0

@meffecta/quorum@0.3.0

An autonomous organization of AI agents — boot it in any directory and steer it from a live dashboard.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 4 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 1 file(s), 2.03 KB of source, external domains: quorum.meffecta.com

Source & flagged code

1 flagged · loading source
bin/quorum.mjsView file
4// this must run on any user's Node without type stripping. L5: import { spawnSync } from 'node:child_process' L6: import { chmodSync, existsSync } from 'node:fs' ... L9: L10: const platformPkg = `@meffecta/quorum-${process.platform}-${process.arch}` L11: const exe = process.platform === 'win32' ? 'quorum.exe' : 'quorum' ... L45: ) L46: console.error('reinstall without --no-optional, or see https://quorum.meffecta.com') L47: process.exit(1)
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/quorum.mjsView on unpkg · L4

Findings

1 High3 Low
HighSandbox Evasion Gated Capabilitybin/quorum.mjs
LowFilesystem
LowUrl Strings
LowNo License