registry  /  @permission-slip/cli  /  0.1.30

@permission-slip/cli@0.1.30

Agent-facing CLI for Permission Slip — register, verify, and interact with Permission Slip servers

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 70.1 KB of source

Source & flagged code

2 flagged · loading source
dist/index.jsView file
157patternName = private_key_openssh severity = critical line = 157 matchedText = const b6..."");
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L157
157patternName = private_key_openssh severity = critical line = 157 matchedText = const b6..."");
Critical
Secret Pattern

OpenSSH private key in dist/index.js

dist/index.jsView on unpkg · L157

Findings

2 Critical2 Medium4 Low
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings