registry  /  @saulwade/swl-ses  /  2.6.0

@saulwade/swl-ses@2.6.0

⚠ Under review

Sistema de ingenieria de software auto-evolutivo multi-runtime polyglot con 61 agentes, 181 habilidades, 48 comandos, 77 reglas y 49 hooks. Soporta 11 lenguajes y 7 runtimes: Claude Code, OpenClaude, OpenCode, Gemini CLI, Cursor, Codex CLI (soporte comple

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 27 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 374 file(s), 3.08 MB of source, external domains: api.github.com, cli.github.com, docs.github.com, evil.example.com, github.com, npm.pkg.github.com, registry.npmjs.org, t.me

Source & flagged code

18 flagged · loading source
hooks/escaneo-secretos.jsView file
65patternName = aws_access_key severity = critical line = 65 matchedText = // AKIAI...X...
Critical
Critical Secret

Package contains a critical-looking secret pattern.

hooks/escaneo-secretos.jsView on unpkg · L65
65patternName = aws_access_key severity = critical line = 65 matchedText = // AKIAI...X...
Critical
Secret Pattern

AWS access key ID in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L65
78patternName = private_key_rsa severity = critical line = 78 matchedText = // -----...----
Critical
Secret Pattern

RSA private key in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L78
78patternName = private_key_openssh severity = critical line = 78 matchedText = // -----...----
Critical
Secret Pattern

OpenSSH private key in hooks/escaneo-secretos.js

hooks/escaneo-secretos.jsView on unpkg · L78
habilidades/changelog-generator/scripts/parse-commits.jsView file
36L37: const { execSync } = require('node:child_process'); L38:
High
Child Process

Package source references child process execution.

habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L36
26* Uso programático: L27: * const { parsearCommits, generarChangelog } = require('./parse-commits'); L28: * const { categorias, conformidad } = parsearCommits(commits);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L26
hooks/lib/sync-status.jsView file
1'use strict'; L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

hooks/lib/sync-status.jsView on unpkg · L1
scripts/lib/autostart-macos.jsView file
8* Solo LaunchAgents (nivel usuario, sin privilegios de sistema). L9: * - NUNCA hardcodea rutas absolutas. Resuelve bin/ con __dirname en runtime. L10: * - NUNCA incluye credenciales en el plist — las credenciales viven en .env. L11: * - Solo opera en process.platform === 'darwin'. Otros OS reciben error explícito. L12: * L13: * Rollback manual (si algo sale mal): L14: * launchctl unload -w ~/Library/LaunchAgents/com.swl.telegram-bot.plist L15: * rm ~/Library/LaunchAgents/com.swl.telegram-bot.plist ... L19: L20: const { execFileSync } = require('node:child_process'); L21: const path = require('node:path'); ... L50: } catch (_) {}
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

scripts/lib/autostart-macos.jsView on unpkg · L8
hooks/calidad-typescript.jsView file
305try { L306: execSync('npx tsc --noEmit 2>&1', { L307: cwd: CWD, encoding: 'utf8', stdio: ['pipe','pipe','pipe'], timeout: 60_000,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

hooks/calidad-typescript.jsView on unpkg · L305
habilidades/validacion-ci-sistema/scripts/validar-sistema.shView file
path = habilidades/validacion-ci-sistema/scripts/validar-sistema.sh kind = build_helper sizeBytes = 13731 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

habilidades/validacion-ci-sistema/scripts/validar-sistema.shView on unpkg
bin/swl-ses.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @saulwade/swl-ses@2.4.3 matchedIdentity = npm:QHNhdWx3YWRlL3N3bC1zZXM:2.4.3 similarity = 0.442 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/swl-ses.jsView on unpkg
habilidades/nestjs-experto/recursos/testing-nestjs.mdView file
52patternName = generic_password severity = medium line = 52 matchedText = password...34',
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L52
72patternName = generic_password severity = medium line = 72 matchedText = service.... }),
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L72
131patternName = generic_password severity = medium line = 131 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L131
240patternName = generic_password severity = medium line = 240 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L240
254patternName = generic_password severity = medium line = 254 matchedText = .send({ ...' })
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L254
261patternName = generic_password severity = medium line = 261 matchedText = const dt...' };
Medium
Secret Pattern

Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md

habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L261
habilidades/gcp-cloud/SKILL.mdView file
100patternName = generic_password severity = medium line = 100 matchedText = password...ña",
Medium
Secret Pattern

Hardcoded password in habilidades/gcp-cloud/SKILL.md

habilidades/gcp-cloud/SKILL.mdView on unpkg · L100

Findings

5 Critical3 High13 Medium6 Low
CriticalCritical Secrethooks/escaneo-secretos.js
CriticalPrevious Version Dangerous Deltabin/swl-ses.js
CriticalSecret Patternhooks/escaneo-secretos.js
CriticalSecret Patternhooks/escaneo-secretos.js
CriticalSecret Patternhooks/escaneo-secretos.js
HighChild Processhabilidades/changelog-generator/scripts/parse-commits.js
HighShell
HighRuntime Package Installhooks/calidad-typescript.js
MediumDynamic Requirehabilidades/changelog-generator/scripts/parse-commits.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencescripts/lib/autostart-macos.js
MediumShips Build Helperhabilidades/validacion-ci-sistema/scripts/validar-sistema.sh
MediumStructural Risk Force Deep Review
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/nestjs-experto/recursos/testing-nestjs.md
MediumSecret Patternhabilidades/gcp-cloud/SKILL.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptohooks/lib/sync-status.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings