registry  /  @stigmer/cli  /  3.1.12

@stigmer/cli@3.1.12

Stigmer command-line interface — manage agents, workflows, MCP servers, skills, and executions from the terminal

Static Scan Results

scanned 15m ago · by rust-scanner

Static analysis flagged 7 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 479 file(s), 1.74 MB of source, external domains: 127.0.0.1, a.b, api.stigmer.ai, api.stigmer.com, app.stigmer.ai, console.example, docs.example.com, example.com, github.com, stigmer-prod.us.auth0.com

Source & flagged code

1 flagged · loading source
commands/share.jsView file
65package = @stigmer/cli; repositoryIdentity = stigmer; dependency = open L65: try { L66: const { default: open } = await import("open"); L67: await open(url);
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

commands/share.jsView on unpkg · L65

Findings

1 High3 Medium3 Low
HighCopied Package Dependency Bridgecommands/share.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings