registry  /  @promptbook/wizard  /  0.113.0-1

@promptbook/wizard@0.113.0-1

⚠ Under review

Promptbook: Create persistent AI agents that turn your company's scattered knowledge into action

Static Scan Results

scanned 5d ago · by rust-scanner

Static analysis flagged 12 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.23 MB of source, external domains: ai.google.dev, api.github.com, api.openai.com, calendar.google.com, collboard.fra1.cdn.digitaloceanspaces.com, example.com, generativelanguage.googleapis.com, github.com, legal-db.example.com, linkedin.com, platform.openai.com, promptbook.s5.ptbk.io, promptbook.studio, pseudo-agent.promptbook, ptbk.io, s6.ptbk.io, serpapi.com, stackoverflow.com, twitter.com, www.googleapis.com, www.pavolhejny.com
Oversized source lightweight scan
umd/index.umd.js2.17 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoHighEntropyStringsUrlStringsgithub.compromptbook.s5.ptbk.io

Source & flagged code

6 flagged · loading source
esm/index.es.jsView file
7import { mkdir, rm, readFile, readdir, rename, rmdir, stat, access, constants, writeFile, watch, unlink } from 'fs/promises'; L8: import { spawn } from 'child_process'; L9: import { forTime } from 'waitasecond'; ... L31: * @generated L32: * @see https://github.com/webgptorg/book L33: */ ... L67: * L68: * @private within the repository L69: */ ... L764: * L765: * @param image as a source for example `data:image/png;base64,[redacted]=` L766: * @returns Color object
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

esm/index.es.jsView on unpkg · L7
7Trigger-reachable chain: manifest.module -> esm/index.es.js L7: import { mkdir, rm, readFile, readdir, rename, rmdir, stat, access, constants, writeFile, watch, unlink } from 'fs/promises'; L8: import { spawn } from 'child_process'; L9: import { forTime } from 'waitasecond'; ... L31: * @generated L32: * @see https://github.com/webgptorg/book L33: */ ... L67: * L68: * @private within the repository L69: */ ... L764: * L765: * @param image as a source for example `data:image/png;base64,[redacted]=` L766: * @returns Color object
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

esm/index.es.jsView on unpkg · L7
14020try { L14021: eval(script); // <- TODO: Use `JavascriptExecutionTools.execute` here L14022: }
High
Eval

Package source references dynamic code evaluation.

esm/index.es.jsView on unpkg · L14020
5389// eslint-disable-next-line @typescript-eslint/no-var-requires L5390: const { createDeepSeek } = require('@ai-sdk/deepseek'); L5391: const deepseekVercelProvider = createDeepSeek({
Medium
Dynamic Require

Package source references dynamic require/import behavior.

esm/index.es.jsView on unpkg · L5389
umd/index.umd.jsView file
path = umd/index.umd.js kind = oversized_source_file sizeBytes = 2271799 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

umd/index.umd.jsView on unpkg
package.jsonView file
Runtime dependency names matching Node built-ins: crypto
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg

Findings

2 Critical3 High4 Medium3 Low
CriticalCredential Exfiltrationesm/index.es.js
CriticalTrigger Reachable Dangerous Capabilityesm/index.es.js
HighEvalesm/index.es.js
HighOversized Source Fileumd/index.umd.js
HighNode Builtin Dependency Squatpackage.json
MediumDynamic Requireesm/index.es.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings