registry  /  @tangle-network/sandbox  /  0.10.1

@tangle-network/sandbox@0.10.1

⚠ Under review

Client SDK for the Tangle Sandbox platform - build AI agent applications with dev containers

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 487 KB of source, external domains: bootstrap.pypa.io, intelligence.tangle.tools, micro.mamba.pm, router.tangle.tools, rpc.tangle.tools

Source & flagged code

3 flagged · loading source
dist/client-DeHvk634.jsView file
128const reserved = Object.keys(metadata).find((key) => key.startsWith(RESERVED_METADATA_PREFIX)); L129: if (reserved) throw new ValidationError(`${label} metadata key '${reserved}' is reserved by Tangle`, { metadata: "reserved" }); L130: } ... L339: } L340: async exec(machineId, command, options) { L341: const [result] = await this.dispatchExec(command, { ... L352: async dispatchExecDetailed(command, options) { L353: const response = await this.client.fetch(`/v1/fleets/${this.fleetId}/dispatch`, { L354: method: "POST", ... L357: if (!response.ok) { L358: const body = await response.text(); L359: throw parseErrorResponse(response.status, body, void 0, response.headers);
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/client-DeHvk634.jsView on unpkg · L128
128Trigger-reachable chain: manifest.main -> dist/index.js -> dist/client-DeHvk634.js L128: const reserved = Object.keys(metadata).find((key) => key.startsWith(RESERVED_METADATA_PREFIX)); L129: if (reserved) throw new ValidationError(`${label} metadata key '${reserved}' is reserved by Tangle`, { metadata: "reserved" }); L130: } ... L339: } L340: async exec(machineId, command, options) { L341: const [result] = await this.dispatchExec(command, { ... L352: async dispatchExecDetailed(command, options) { L353: const response = await this.client.fetch(`/v1/fleets/${this.fleetId}/dispatch`, { L354: method: "POST", ... L357: if (!response.ok) { L358: const body = await response.text(); L359: throw parseErrorResponse(response.status, body, void 0, response.headers);
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/client-DeHvk634.jsView on unpkg · L128
1041const [{ existsSync, readFileSync }, { homedir }, { join }] = await Promise.all([ L1042: import("node:fs"), L1043: import("node:os"),
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/client-DeHvk634.jsView on unpkg · L1041

Findings

2 Critical3 Medium4 Low
CriticalCredential Exfiltrationdist/client-DeHvk634.js
CriticalTrigger Reachable Dangerous Capabilitydist/client-DeHvk634.js
MediumDynamic Requiredist/client-DeHvk634.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings