registry  /  @posthog/agent  /  2.3.1184

@posthog/agent@2.3.1184

TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog

Static Scan Results

scanned 7d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
WildcardDependency
scanned 165 file(s), 4.42 MB of source, external domains: a.com, app.dev.posthog.dev, app.posthog.com, b.com, eu.posthog.com, example.com, gateway.dev.posthog.dev, gateway.eu.posthog.com, gateway.timeout-test, gateway.us.posthog.com, github.com, logs.example.com, mcp.example.com, ngrok.test, posthog.com, posthog.slack.com, sandbox.example.com, sse.example.com, test.posthog.com, us.i.posthog.com, us.posthog.com

Source & flagged code

7 flagged · loading source
dist/handoff-checkpoint.jsView file
904// ../git/dist/handoff.js L905: import { spawn as spawn3 } from "child_process"; L906: import { copyFile, mkdtemp, readFile as readFile2, rm as rm2, stat as stat2 } from "fs/promises";
High
Child Process

Package source references child process execution.

dist/handoff-checkpoint.jsView on unpkg · L904
dist/server/agent-server.jsView file
19716} L19717: async function handlePostHogExecApprovalFlow(context, subTool) { L19718: const { toolName, toolInput, toolUseID, client, sessionId, session } = context;
High
Shell

Package source references shell execution.

dist/server/agent-server.jsView on unpkg · L19716
171for (let i2 = 0; i2 < namespace.length; i2++) { L172: hash = (hash << 5) - hash + namespace.charCodeAt(i2); L173: hash |= 0; ... L431: let m; L432: return typeof document !== "undefined" && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance || // Is firebug? http://sta... L433: typeof window !== "undefined" && window.console && (window.console.firebug || window.console.exception && window.console.table) || // Is firefox >= v31? ... L476: if (!r && typeof process !== "undefined" && "env" in process) { L477: r = process.env.DEBUG; L478: } ... L562: } L563: if (process.platform === "win32") { L564: const osRelease = os9.release().split(".");
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/server/agent-server.jsView on unpkg · L171
171Cross-file remote execution chain: dist/server/agent-server.js spawns dist/handoff-checkpoint.js; helper contains network access plus dynamic code execution. L171: for (let i2 = 0; i2 < namespace.length; i2++) { L172: hash = (hash << 5) - hash + namespace.charCodeAt(i2); L173: hash |= 0; ... L431: let m; L432: return typeof document !== "undefined" && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance || // Is firebug? http://sta... L433: typeof window !== "undefined" && window.console && (window.console.firebug || window.console.exception && window.console.table) || // Is firefox >= v31? ... L476: if (!r && typeof process !== "undefined" && "env" in process) { L477: r = process.env.DEBUG; L478: } ... L562: } L563: if (process.platform === "win32") { L564: const osRelease = os9.release().split(".");
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/server/agent-server.jsView on unpkg · L171
1820var func = `(${args}) => { ${body} };`; L1821: ASM_CONSTS[start] = eval(func); L1822: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/server/agent-server.jsView on unpkg · L1820
dist/claude-cli/claudeView file
path = dist/claude-cli/claude kind = native_binary sizeBytes = 247469776 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/claude-cli/claudeView on unpkg
src/server/agent-server.test.tsView file
325patternName = private_key_rsa severity = critical line = 325 matchedText = const TE...----
Critical
Secret Pattern

RSA private key in src/server/agent-server.test.ts

src/server/agent-server.test.tsView on unpkg · L325

Findings

1 Critical4 High5 Medium5 Low
CriticalSecret Patternsrc/server/agent-server.test.ts
HighChild Processdist/handoff-checkpoint.js
HighShelldist/server/agent-server.js
HighObfuscated Payload Loaderdist/server/agent-server.js
HighCross File Remote Execution Contextdist/server/agent-server.js
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarydist/claude-cli/claude
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowEvaldist/server/agent-server.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings