registry  /  @pat-lewczuk/cezar  /  0.1.2

@pat-lewczuk/cezar@0.1.2

Local cockpit for running and tracking AI agent tasks in your repo. Uses your logged-in `claude` CLI and `gh` — zero config, zero database.

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 11 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 321 KB of source, external domains: claude.com, github.com

Source & flagged code

2 flagged · loading source
dist/core/claude-cli-runner.jsView file
1import { spawn as nodeSpawn } from 'node:child_process'; L2: import { fileURLToPath } from 'node:url';
High
Child Process

Package source references child process execution.

dist/core/claude-cli-runner.jsView on unpkg · L1
dist/core/backend-detect.jsView file
38available: false, L39: hint: 'install Claude Code (npm i -g @anthropic-ai/claude-code) and log in', L40: }; ... L44: try { L45: const { stdout } = await exec('gh', ['auth', 'token'], { timeout: 10_000 }); L46: return { name: 'gh', available: stdout.trim().length > 0, version: 'authenticated' };
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/core/backend-detect.jsView on unpkg · L38

Findings

3 High3 Medium5 Low
HighChild Processdist/core/claude-cli-runner.js
HighShell
HighRuntime Package Installdist/core/backend-detect.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings