registry  /  @standardagents/code  /  0.8.0

@standardagents/code@0.8.0

Standard Code — a terminal coding agent whose LLM loop runs on a Standard Agents instance while its tools execute on your machine via this CLI.

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 226 KB of source, external domains: api.standardcode.ai, registry.npmjs.org, standardcode.ai

Source & flagged code

1 flagged · loading source
dist/index.jsView file
5import readline2 from 'readline/promises'; L6: import { spawn, execFile } from 'child_process'; L7: import { stdout, stdin } from 'process'; L8: import fsp from 'fs/promises'; ... L67: reason: `TLS problem talking to ${host}: ${text.slice(0, 120)}`, L68: hint: "For local/self-signed endpoints, use the http:// URL or trust the local CA." L69: }; ... L102: }); L103: const text = await res.text(); L104: if (!res.ok) { ... L171: method: "POST", L172: body: JSON.stringify({ agent_id: agentId, tags })
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/index.jsView on unpkg · L5

Findings

1 High3 Medium5 Low
HighSandbox Evasion Gated Capabilitydist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License