registry  /  @orchid-labs/pluxx  /  0.1.25

@orchid-labs/pluxx@0.1.25

⚠ Under review

Build AI agent plugins once. Prime-time on Claude Code, Cursor, Codex, and OpenCode, with beta generators for additional hosts.

Static Scan Results

scanned 11d ago · by rust-scanner

Static analysis flagged 16 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsObfuscatedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 2.53 MB of source, external domains: ampcode.com, api.firecrawl.dev, code.claude.com, cursor.com, developers.openai.com, docs.cline.bot, docs.example.com, docs.openhands.dev, docs.roocode.com, docs.warp.dev, dom.spec.whatwg.org, example.com, geminicli.com, github.com, lists.w3.org, mathiasbynens.be, mcp.linear.app, opencode.ai, tools.ietf.org, trac.webkit.org, url.spec.whatwg.org, www.ibm.com, www.w3.org, www.whatwg.org

Source & flagged code

5 flagged · loading source
dist/cli/index.jsView file
115// BMP codepoint L116: String.fromCharCode(high + 65536) L117: ) : ( ... L340: name: getName2(2).toLowerCase(), L341: data: selector.charCodeAt(selectorIndex) === 40 ? readValueWithParenthesis() : null L342: }); ... L892: exports.NAMESPACE = { L893: HTML: "http://www.w3.org/1999/xhtml", L894: XML: "http://www.w3.org/XML/1998/namespace", ... L1301: // NOTE: The `serializeOne()` function used to live on the `Node.prototype` L1302: // as a private method `Node#_serializeOne(child)`, however that requires L1303: // a megamorphic property access `this._serializeOne` just to get to the
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli/index.jsView on unpkg · L115
32535patternName = generic_password severity = medium line = 32535 matchedText = password...d]",
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/cli/index.jsView on unpkg · L32535
dist/index.jsView file
9075import { resolve as resolve2 } from "path"; L9076: import { spawnSync } from "child_process"; L9077: import { tmpdir } from "os";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L9075
66Cross-file remote execution chain: dist/index.js spawns dist/cli/index.js; helper contains network access plus dynamic code execution. L66: const e2 = __require("node:os"); L67: var t2 = [509, 0, 227, 0, 150, 4, 294, 9, 1368, 2, 2, 1, 6, 3, 41, 2, 5, 0, 166, 1, 574, 3, 9, 9, 7, 9, 32, 4, 318, 1, 80, 3, 71, 10, 50, 3, 123, 2, 54, 14, 32, 10, 3, 1, 11, 3, 46... L68: function isInAstralSet(e3, t3) { ... L75: function isIdentifierStart(e3, t3) { L76: return e3 < 65 ? 36 === e3 : e3 < 91 || (e3 < 97 ? 95 === e3 : e3 < 123 || (e3 <= 65535 ? e3 >= 170 && c.test(String.fromCharCode(e3)) : false !== t3 && isInAstralSet(e3, s))); L77: } ... L2157: function pathe_M_eThtNZ_cwd() { L2158: return "undefined" != typeof process && "function" == typeof process.cwd ? process.cwd().replace(/\\/g, "/") : "/"; L2159: } ... L2333: const { ERR_UNKNOWN_FILE_EXTENSION: Ue } = Te, Me = {}.hasOwnProperty, je = { __proto__: null, ".cjs": "commonjs", ".js": "module", ".json": "json", ".mjs": "module" }; L2334: const Fe = { __proto__: null, "data:": function(e3) { L2335: const { 1: t3 } = /^([^/]+\/[^;,]+)[^,]*?(;base64)?,/.exec(e3.pathname) || [null, null, null];
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L66
bin/pluxx.jsView file
16L17: const cli = await import(pathToFileURL(cliPath).href) L18: if (typeof cli.main !== 'function') {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/pluxx.jsView on unpkg · L16

Findings

1 Critical3 High5 Medium7 Low
CriticalCredential Exfiltrationdist/cli/index.js
HighChild Processdist/index.js
HighShell
HighCross File Remote Execution Contextdist/index.js
MediumSecret Patterndist/cli/index.js
MediumDynamic Requirebin/pluxx.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings