registry  /  @synkro-sh/cli  /  1.7.38

@synkro-sh/cli@1.7.38

⚠ Under review

Catch risky code before your AI coding agent ships it. Reviews every edit and shell command with full context.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 358 KB of source, external domains: 127.0.0.1, api.cursor.com, api.github.com, api.synkro.sh, bun.sh, cli.github.com, developers.openai.com, docs.claude.com, github.com

Source & flagged code

7 flagged · loading source
dist/bootstrap.jsView file
21import { join } from "path"; L22: import { execFileSync, execSync } from "child_process"; L23: function which(cmd2) { ... L41: const agents = []; L42: const home = homedir(); L43: const claudeBinary = which("claude"); ... L56: const cursorConfigDir = join(home, ".cursor"); L57: const cursorApp = process.platform === "darwin" && existsSync("/Applications/Cursor.app"); L58: if (cursorBinary || cursorApp || existsSync(cursorConfigDir)) { ... L92: const raw = readFileSync(path, "utf-8"); L93: return JSON.parse(raw); L94: } catch (err) {
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/bootstrap.jsView on unpkg · L21
21Trigger-reachable chain: manifest.bin -> dist/bootstrap.js L21: import { join } from "path"; L22: import { execFileSync, execSync } from "child_process"; L23: function which(cmd2) { ... L41: const agents = []; L42: const home = homedir(); L43: const claudeBinary = which("claude"); ... L56: const cursorConfigDir = join(home, ".cursor"); L57: const cursorApp = process.platform === "darwin" && existsSync("/Applications/Cursor.app"); L58: if (cursorBinary || cursorApp || existsSync(cursorConfigDir)) { ... L92: const raw = readFileSync(path, "utf-8"); L93: return JSON.parse(raw); L94: } catch (err) {
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/bootstrap.jsView on unpkg · L21
21import { join } from "path"; L22: import { execFileSync, execSync } from "child_process"; L23: function which(cmd2) {
High
Child Process

Package source references child process execution.

dist/bootstrap.jsView on unpkg · L21
1486SYNKRO_SHA: \${{ inputs.sha || github.event.pull_request.head.sha }} L1487: SYNKRO_GATEWAY_URL: \${{ vars.SYNKRO_GATEWAY_URL || 'https://api.synkro.sh' }} L1488: `; ... L1494: import { existsSync as existsSync6, mkdirSync as mkdirSync5, writeFileSync as writeFileSync5 } from "fs"; L1495: import { execSync as execSync2 } from "child_process"; L1496: import { join as join4 } from "path"; ... L1499: input: value, L1500: env: { ...process.env, GH_TOKEN: token }, L1501: stdio: ["pipe", "ignore", "pipe"],
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/bootstrap.jsView on unpkg · L1486
21import { join } from "path"; L22: import { execFileSync, execSync } from "child_process"; L23: function which(cmd2) { ... L41: const agents = []; L42: const home = homedir(); L43: const claudeBinary = which("claude"); ... L56: const cursorConfigDir = join(home, ".cursor"); L57: const cursorApp = process.platform === "darwin" && existsSync("/Applications/Cursor.app"); L58: if (cursorBinary || cursorApp || existsSync(cursorConfigDir)) { ... L92: const raw = readFileSync(path, "utf-8"); L93: return JSON.parse(raw); L94: } catch (err) {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/bootstrap.jsView on unpkg · L21
21import { join } from "path"; L22: import { execFileSync, execSync } from "child_process"; L23: function which(cmd2) { ... L91: try { L92: const raw = readFileSync(path, "utf-8"); L93: return JSON.parse(raw); ... L1389: // cli/api/projects.ts L1390: function setApiBaseUrl(url) { L1391: API_URL = url;
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

dist/bootstrap.jsView on unpkg · L21
21import { join } from "path"; L22: import { execFileSync, execSync } from "child_process"; L23: function which(cmd2) { ... L41: const agents = []; L42: const home = homedir(); L43: const claudeBinary = which("claude"); ... L56: const cursorConfigDir = join(home, ".cursor"); L57: const cursorApp = process.platform === "darwin" && existsSync("/Applications/Cursor.app"); L58: if (cursorBinary || cursorApp || existsSync(cursorConfigDir)) { ... L92: const raw = readFileSync(path, "utf-8"); L93: return JSON.parse(raw); L94: } catch (err) {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/bootstrap.jsView on unpkg · L21

Findings

2 Critical5 High4 Medium5 Low
CriticalCredential Exfiltrationdist/bootstrap.js
CriticalTrigger Reachable Dangerous Capabilitydist/bootstrap.js
HighChild Processdist/bootstrap.js
HighShell
HighSame File Env Network Executiondist/bootstrap.js
HighSandbox Evasion Gated Capabilitydist/bootstrap.js
HighRemote Agent Bridgedist/bootstrap.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/bootstrap.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings