CLI engine for Monomind — an open-source MCP server that extends Claude Code with a codebase knowledge graph (tree-sitter + SQLite), persistent memory, multi-agent task coordination, and session hooks. MIT licensed, fully local.
Static analysis flagged 23 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkgPackage contains a possible secret pattern.
dist/src/mcp-tools/quality/security-compliance/detect-secrets.jsView on unpkg · L282Package source references child process execution.
dist/workflow/builtin-handlers.jsView on unpkg · L68Package source invokes a package manager install command at runtime.
dist/workflow/builtin-handlers.jsView on unpkg · L68Package source references shell execution.
dist/src/init/statusline-generator.jsView on unpkg · L186Source writes installer persistence such as shell profile or service configuration.
dist/src/init/statusline-generator.jsView on unpkg · L41Package source references a known benign dynamic code generation pattern.
dist/src/workflow/condition-evaluator.jsView on unpkg · L78Package source references dynamic require/import behavior.
dist/dashboard/server.jsView on unpkg · L5Package source references weak cryptographic algorithms.
dist/src/services/crash-reporter.jsView on unpkg · L15Source reaches cloud instance metadata or link-local credential endpoints.
dist/src/commands/providers.jsView on unpkg · L30Package ships non-JavaScript build or shell helper files.
scripts/sync-claude-assets.shView on unpkgHardcoded password in .claude/agents/core/reviewer.md
.claude/agents/core/reviewer.mdView on unpkg · L85Hardcoded password in .claude/agents/testing/testing-api-tester.md
.claude/agents/testing/testing-api-tester.mdView on unpkg · L78Hardcoded password in .claude/agents/testing/testing-performance-benchmarker.md
.claude/agents/testing/testing-performance-benchmarker.mdView on unpkg · L94Package text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkgPackage contains a possible secret pattern.
dist/src/mcp-tools/quality/security-compliance/detect-secrets.jsView on unpkg · L282Package ships non-JavaScript build or shell helper files.
scripts/sync-claude-assets.shView on unpkgHardcoded password in .claude/agents/core/reviewer.md
.claude/agents/core/reviewer.mdView on unpkg · L85Hardcoded password in .claude/agents/testing/testing-api-tester.md
.claude/agents/testing/testing-api-tester.mdView on unpkg · L78Hardcoded password in .claude/agents/testing/testing-performance-benchmarker.md
.claude/agents/testing/testing-performance-benchmarker.mdView on unpkg · L94Package source references child process execution.
dist/workflow/builtin-handlers.jsView on unpkg · L68Package source invokes a package manager install command at runtime.
dist/workflow/builtin-handlers.jsView on unpkg · L68Source writes installer persistence such as shell profile or service configuration.
dist/src/init/statusline-generator.jsView on unpkg · L41Package source references shell execution.
dist/src/init/statusline-generator.jsView on unpkg · L186Package source references a known benign dynamic code generation pattern.
dist/src/workflow/condition-evaluator.jsView on unpkg · L78Package source references dynamic require/import behavior.
dist/dashboard/server.jsView on unpkg · L5Package source references weak cryptographic algorithms.
dist/src/services/crash-reporter.jsView on unpkg · L15Source reaches cloud instance metadata or link-local credential endpoints.
dist/src/commands/providers.jsView on unpkg · L30