registry  /  @saluzi/saluzi-edu  /  0.1.108

@saluzi/saluzi-edu@0.1.108

Saluzi CLI - interactive AI coding assistant in the terminal

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 21 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 168 file(s), 9.17 MB of source, external domains: 127.0.0.1, api.anthropic.com, cdn.jsdelivr.net, chevrotain.io, docs.anthropic.com, docs.expo.dev, en.wikipedia.org, example.com, ghproxy.net, github.com, jquery.org, langium.org, lodash.com, nodejs.org, openjsf.org, platform.claude.com, radix-ui.com, react.dev, registry.npmjs.org, tldrlegal.com, underscorejs.org, www.ibm.com, www.w3.org
Oversized source lightweight scan
dist/cli.js19.1 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsMinifiedUrlStringsapi.anthropic.comdocs.anthropic.comdocs.expo.devgithub.comnodejs.orgplatform.claude.com
dist/rcs-web/assets/shiki-mEP5vQQu.js9.14 MB file, sampled 256 KB
ChildProcessObfuscatedHighEntropyStringsMinified
packages/remote-control-server/web/dist/assets/shiki-mEP5vQQu.js9.14 MB file, sampled 256 KB
ChildProcessObfuscatedHighEntropyStringsMinified

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts/postinstall.cjsView file
23Manifest entrypoint (scripts.postinstall) carries capability families absent from dist/build output: environment+network, execution+network L23: } = require('fs') L24: const { spawnSync } = require('child_process') L25: const { setDefaultResultOrder } = require('node:dns') L26: const path = require('path') ... L41: const RELEASE_BASE = ( L42: process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE L43: ).replace(/\/$/, '') ... L50: function getPlatformMapping() { L51: const arch = process.arch L52: const platform = process.platform ... L190: } L191: return Buffer.from(await response.arrayBuffer())
High
Entrypoint Build Divergence

Manifest entrypoint contains risky behavior absent from dist/build output.

scripts/postinstall.cjsView on unpkg · L23
23} = require('fs') L24: const { spawnSync } = require('child_process') L25: const { setDefaultResultOrder } = require('node:dns') L26: const path = require('path') ... L41: const RELEASE_BASE = ( L42: process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE L43: ).replace(/\/$/, '') ... L50: function getPlatformMapping() { L51: const arch = process.arch L52: const platform = process.platform ... L190: } L191: return Buffer.from(await response.arrayBuffer())
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

scripts/postinstall.cjsView on unpkg · L23
23} = require('fs') L24: const { spawnSync } = require('child_process') L25: const { setDefaultResultOrder } = require('node:dns') L26: const path = require('path') ... L41: const RELEASE_BASE = ( L42: process.env.RIPGREP_DOWNLOAD_BASE ?? DEFAULT_RELEASE_BASE L43: ).replace(/\/$/, '') ... L50: function getPlatformMapping() { L51: const arch = process.arch L52: const platform = process.platform ... L190: } L191: return Buffer.from(await response.arrayBuffer())
High
Install Named Payload File

Install-named source file stages remote content through filesystem writes and execution.

scripts/postinstall.cjsView on unpkg · L23
dist/vendor/audio-capture/x64-darwin/audio-capture.nodeView file
path = dist/vendor/audio-capture/x64-darwin/audio-capture.node kind = native_binary sizeBytes = 439076 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

dist/vendor/audio-capture/x64-darwin/audio-capture.nodeView on unpkg
dist/tree-sitter.wasmView file
path = dist/tree-sitter.wasm kind = wasm_module sizeBytes = 205488 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

dist/tree-sitter.wasmView on unpkg
dist/rcs-web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
path = dist/rcs-web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/rcs-web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
dist/rcs-web/assets/shiki-mEP5vQQu.jsView file
path = dist/rcs-web/assets/shiki-mEP5vQQu.js kind = oversized_source_file sizeBytes = 9583817 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/rcs-web/assets/shiki-mEP5vQQu.jsView on unpkg
dist/cli.jsView file
path = dist/cli.js kind = oversized_cli_entrypoint sizeBytes = 20070118 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/cli.jsView on unpkg

Findings

6 High8 Medium7 Low
HighInstall Time Lifecycle Scriptspackage.json
HighEntrypoint Build Divergencescripts/postinstall.cjs
HighSandbox Evasion Gated Capabilityscripts/postinstall.cjs
HighInstall Named Payload Filescripts/postinstall.cjs
HighShips High Entropy Blobdist/rcs-web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
HighOversized Source Filedist/rcs-web/assets/shiki-mEP5vQQu.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binarydist/vendor/audio-capture/x64-darwin/audio-capture.node
MediumShips Wasm Moduledist/tree-sitter.wasm
MediumOversized Cli Entrypointdist/cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings