registry  /  @sdsrs/agentsmd  /  2.7.1

@sdsrs/agentsmd@2.7.1

A global coding-discipline spec for Codex, enforced by native Codex hooks + a rule-hit telemetry closed loop. Independent of oh-my-codex.

Static Scan Results

scanned 2d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 9 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 22 file(s), 164 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
bin/agentsmd.jsView file
9L10: const path = require('path'); L11: const cp = require('child_process');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/agentsmd.jsView on unpkg · L9
install.shView file
path = install.sh kind = build_helper sizeBytes = 6889 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg
hooks/tests/smoke.shView file
path = hooks/tests/smoke.sh kind = payload_in_excluded_dir sizeBytes = 19059 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

hooks/tests/smoke.shView on unpkg

Findings

1 High4 Medium4 Low
HighPayload In Excluded Dirhooks/tests/smoke.sh
MediumDynamic Requirebin/agentsmd.js
MediumEnvironment Vars
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings