registry  /  @saulwade/swl-ses  /  2.3.0

@saulwade/swl-ses@2.3.0

Sistema de ingenieria de software auto-evolutivo multi-runtime polyglot con 60 agentes, 182 habilidades, 44 comandos, 77 reglas y 50 hooks. Soporta 11 lenguajes y 7 runtimes: Claude Code, OpenClaude, OpenCode, Gemini CLI, Cursor, Codex CLI (soporte comple

Static Scan Results

scanned 10d ago · by rust-scanner

Static analysis flagged 27 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 344 file(s), 2.83 MB of source, external domains: api.github.com, cli.github.com, docs.github.com, evil.example.com, github.com, npm.pkg.github.com, registry.npmjs.org, t.me

Source & flagged code

18 flagged · loading source
package.jsonView file
scripts.postinstall = echo ' swl-software-engineering-system instalado. Ejecuta: npx swl-ses init '
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
hooks/escaneo-secretos.jsView file
65patternName = aws_access_key severity = critical line = 65 matchedText = // AKIAI...X...
Critical
Critical Secret

Package contains a critical-looking secret pattern.

hooks/escaneo-secretos.jsView on unpkg · L65
65patternName = aws_access_key severity = critical line = 65 matchedText = // AKIAI...X...
Critical
Secret Pattern

AWS access key ID in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L65
78patternName = private_key_rsa severity = critical line = 78 matchedText = // -----...----
Critical
Secret Pattern

RSA private key in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L78
78patternName = private_key_openssh severity = critical line = 78 matchedText = // -----...----
Critical
Secret Pattern

OpenSSH private key in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L78
habilidades/changelog-generator/scripts/parse-commits.jsView file
36L37: const { execSync } = require('node:child_process'); L38:
High
Child Process

Package source references child process execution.

habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L36
26* Uso programático: L27: * const { parsearCommits, generarChangelog } = require('./parse-commits'); L28: * const { categorias, conformidad } = parsearCommits(commits);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L26
hooks/lib/sync-status.jsView file
1'use strict'; L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

hooks/lib/sync-status.jsView on unpkg · L1
scripts/lib/autostart-macos.jsView file
8* Solo LaunchAgents (nivel usuario, sin privilegios de sistema). L9: * - NUNCA hardcodea rutas absolutas. Resuelve bin/ con __dirname en runtime. L10: * - NUNCA incluye credenciales en el plist — las credenciales viven en .env. L11: * - Solo opera en process.platform === 'darwin'. Otros OS reciben error explícito. L12: * L13: * Rollback manual (si algo sale mal): L14: * launchctl unload -w ~/Library/LaunchAgents/com.swl.telegram-bot.plist L15: * rm ~/Library/LaunchAgents/com.swl.telegram-bot.plist ... L19: L20: const { execFileSync } = require('node:child_process'); L21: const path = require('node:path'); ... L50: } catch (_) {}
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

scripts/lib/autostart-macos.jsView on unpkg · L8
hooks/calidad-typescript.jsView file
305try { L306: execSync('npx tsc --noEmit 2>&1', { L307: cwd: CWD, encoding: 'utf8', stdio: ['pipe','pipe','pipe'], timeout: 60_000,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

hooks/calidad-typescript.jsView on unpkg · L305
habilidades/validacion-ci-sistema/scripts/validar-sistema.shView file
path = habilidades/validacion-ci-sistema/scripts/validar-sistema.sh kind = build_helper sizeBytes = 13754 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

habilidades/validacion-ci-sistema/scripts/validar-sistema.shView on unpkg
habilidades/nestjs-experto/recursos/testing-nestjs.mdView file
52patternName = generic_password severity = medium line = 52 matchedText = password...34',
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L52
72patternName = generic_password severity = medium line = 72 matchedText = service.... }),
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L72
131patternName = generic_password severity = medium line = 131 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L131
240patternName = generic_password severity = medium line = 240 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L240
254patternName = generic_password severity = medium line = 254 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L254
261patternName = generic_password severity = medium line = 261 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L261
habilidades/gcp-cloud/SKILL.mdView file
100patternName = generic_password severity = medium line = 100 matchedText = password...ña",
Medium
Secret Pattern

Hardcoded password in habilidades/gcp-cloud/SKILL.md

habilidades/gcp-cloud/SKILL.mdView on unpkg · L100

Findings

4 Critical4 High13 Medium6 Low
CriticalCritical Secrethooks/escaneo-secretos.js
CriticalSecret Patternhooks/escaneo-secretos.js
CriticalSecret Patternhooks/escaneo-secretos.js
CriticalSecret Patternhooks/escaneo-secretos.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processhabilidades/changelog-generator/scripts/parse-commits.js
HighShell
HighRuntime Package Installhooks/calidad-typescript.js
MediumDynamic Requirehabilidades/changelog-generator/scripts/parse-commits.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencescripts/lib/autostart-macos.js
MediumShips Build Helperhabilidades/validacion-ci-sistema/scripts/validar-sistema.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/gcp-cloud/SKILL.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptohooks/lib/sync-status.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings