registry  /  @sofagent/audit  /  0.99.6

@sofagent/audit@0.99.6

sofagent 提交时审计——扫描 git diff,检查 Agent 是否遵守工作纪律

Static Scan Results

scanned 6d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 42 file(s), 238 KB of source

Source & flagged code

1 flagged · loading source
dist/rules/skill-safety-rules.jsView file
36// === 危险调用 (SUSPICIOUS) === L37: { pattern: /eval\(.*[^0-9"'].*\)/, category: '危险调用', severity: 'SUSPICIOUS', description: 'eval() 非常量参数' }, L38: { pattern: /os\.system\(/, category: '危险调用', severity: 'SUSPICIOUS', description: 'os.system() 系统调用' },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/rules/skill-safety-rules.jsView on unpkg · L36

Findings

2 Medium5 Low
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/rules/skill-safety-rules.js
LowFilesystem
LowHigh Entropy Strings