registry  /  @parall/parall  /  1.42.1

@parall/parall@1.42.1

OpenClaw channel plugin for Parall IM

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 29 file(s), 1.65 MB of source

Source & flagged code

2 flagged · loading source
dist/index.bundle.mjsView file
122var _a; L123: const api = _global[GLOBAL_OPENTELEMETRY_API_KEY] = (_a = _global[GLOBAL_OPENTELEMETRY_API_KEY]) !== null && _a !== void 0 ? _a : { L124: version: VERSION
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.bundle.mjsView on unpkg · L122
6586try { L6587: var mod = eval("quire".replace(/^/, "re"))(moduleName); L6588: if (mod && (mod.length || Object.keys(mod).length))
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.bundle.mjsView on unpkg · L6586

Findings

1 High3 Medium4 Low
HighObfuscated Payload Loaderdist/index.bundle.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/index.bundle.mjs
LowFilesystem
LowHigh Entropy Strings