registry  /  @oas-framework/oas  /  0.6.0

@oas-framework/oas@0.6.0

OAS (Open Agent Specialization) — durable souls, disposable instances, harvest-back: the oas CLI and kernel. Runtime adapters: @oas-framework/pi (pi), Claude plugin (planned)

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis completed at 93.0% confidence. No malicious behavior was detected; 5 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 93.9 KB of source

Source & flagged code

2 flagged · loading source
integrations/oas-okf/bin/oas-okf.mjsView file
162if (!inst) skip("no instance identity (run from an instance home)"); L163: const core = await import(pathToFileURL(join(FRAMEWORK_ROOT, "lib", "core.mjs")).href); L164: const slug = String(inst).toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 30);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

integrations/oas-okf/bin/oas-okf.mjsView on unpkg · L162
bin/oas.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @oas-framework/oas@0.5.0 matchedIdentity = npm:QG9hcy1mcmFtZXdvcmsvb2Fz:0.5.0 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/oas.mjsView on unpkg

Findings

1 High2 Medium2 Low
HighPrevious Version Dangerous Deltabin/oas.mjs
MediumDynamic Requireintegrations/oas-okf/bin/oas-okf.mjs
MediumEnvironment Vars
LowFilesystem
LowHigh Entropy Strings