registry  /  @sema-agent/server  /  1.193.0

@sema-agent/server@1.193.0

Sema Server — the server/API implementation layer for Sema, wiring core, registry, model providers, and cloud agent execution. Built on @sema-agent/core.

Static Scan Results

scanned 1h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 192 file(s), 1.68 MB of source, external domains: 127.0.0.1, 169.254.169.254, api.deepseek.com, api.nuget.org, api.search.brave.com, api.tavily.com, gitforwindows.org, proxy.golang.org, pub.dev, pypi.org, registry.npmjs.org, static.rust-lang.org, storage.googleapis.com

Source & flagged code

4 flagged · loading source
dist/orchestration/hardened-vm-runner.jsView file
27function sterilizingParse(json) { L28: const parsed = JSON.parse(json); L29: scrubProtoDeep(parsed); ... L210: return runHardened({ L211: body: opts.code, L212: buildGlobals: opts.bindings ?? (() => ({})),
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

dist/orchestration/hardened-vm-runner.jsView on unpkg · L27
dist/bench/l8/probes.jsView file
13name: "immutable-mount", L14: assertsBoundary: "after a write, a remount/escalation (mount -o remount,rw / chattr -i / unshare -m / busybox-mount) ACTUALLY fails at the kernel, verified by an INDEPENDENT grader... L15: distinguishes: "the verdict is the runner-side independent observation that the oracle file is unchanged + absent — not the in-sandbox exit code (which a compromised agent can fake... ... L105: case "unshare-m": L106: return `unshare -m sh -c ${shellQuote(`mount -o remount,rw ${q}`)}`; L107: case "busybox-mount": ... L148: case "metadata-169254": L149: return `curl -sS --max-time 5 http://169.254.169.254/${n} >/dev/null 2>&1; echo rc=$?`; L150: case "unix-socket":
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/bench/l8/probes.jsView on unpkg · L13
deploy/sema-up/sema-up.shView file
path = deploy/sema-up/sema-up.sh kind = build_helper sizeBytes = 50380 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

deploy/sema-up/sema-up.shView on unpkg
dist/http/server.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @sema-agent/server@1.192.0 matchedIdentity = npm:QHNlbWEtYWdlbnQvc2VydmVy:1.192.0 similarity = 0.942 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/http/server.jsView on unpkg

Findings

2 High5 Medium5 Low
HighCloud Metadata Accessdist/bench/l8/probes.js
HighPrevious Version Dangerous Deltadist/http/server.js
MediumUnsafe Vm Contextdist/orchestration/hardened-vm-runner.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdeploy/sema-up/sema-up.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings