registry  /  @pentoshi/clai  /  3.5.1

@pentoshi/clai@3.5.1

A fast, cross-platform AI CLI assistant with ask and agent modes for shell tasks, file operations, and cybersecurity workflows.

Static Scan Results

scanned 1d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 234 file(s), 1.58 MB of source, external domains: agentrouter.org, api.anthropic.com, api.github.com, api.groq.com, api.openai.com, bedrock-mantle.ap-south-1.api.aws, bun.sh, dashscope-intl.aliyuncs.com, example.com, generativelanguage.googleapis.com, github.com, home.qwencloud.com, html.duckduckgo.com, integrate.api.nvidia.com, llm.kimchi.dev, openrouter.ai, router.bynara.id

Source & flagged code

4 flagged · loading source
dist/store/keys.jsView file
34try { L35: const imported = (await import(keychainModuleName)); L36: cachedKeytar = imported.default ?? imported;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/store/keys.jsView on unpkg · L34
dist/tui/runtime.jsView file
4*/ L5: import { spawnSync } from "node:child_process"; L6: import { accessSync, constants } from "node:fs"; ... L12: export function findBunExecutable() { L13: const fromEnv = process.env.BUN_INSTALL L14: ? join(process.env.BUN_INSTALL, "bin", process.platform === "win32" ? "bun.exe" : "bun") L15: : undefined; ... L37: " • Dev: npm run dev:bun or bun run src/index.ts", L38: " • Install: https://bun.sh", L39: " • Or: clai --classic (line REPL without OpenTUI)",
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/tui/runtime.jsView on unpkg · L4
matchType = previous_version_dangerous_delta matchedPackage = @pentoshi/clai@2.0.53 matchedIdentity = npm:QHBlbnRvc2hpL2NsYWk:2.0.53 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/tui/runtime.jsView on unpkg
dist/tools/web/ssrf-guard.jsView file
2* SSRF guard — classifies an address (or hostname literal) as L3: * private/loopback/link-local/cloud-metadata/CGNAT. Single source of truth L4: * for address classification: `web.fetch` (classifier branch + per-hop ... L7: */ L8: import net from "node:net"; L9: /**
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/tools/web/ssrf-guard.jsView on unpkg · L2

Findings

3 High4 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/tui/runtime.js
HighCloud Metadata Accessdist/tools/web/ssrf-guard.js
HighPrevious Version Dangerous Deltadist/tui/runtime.js
MediumDynamic Requiredist/store/keys.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings