registry  /  @tiens.nguyen/gonext-local-worker  /  1.0.114

@tiens.nguyen/gonext-local-worker@1.0.114

Polls GoNext cloud API for async local LLM jobs and runs them against Ollama/OpenAI-compatible servers on this Mac

Static Scan Results

scanned 6h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 72.0 KB of source, external domains: hwohu56e8d.execute-api.ap-southeast-1.amazonaws.com, ollama1.gomarsic.cc

Source & flagged code

2 flagged · loading source
gonext_agent_chat.pyView file
805patternName = generic_password severity = medium line = 805 matchedText = " ...)\n"
Medium
Secret Pattern

Package contains a possible secret pattern.

gonext_agent_chat.pyView on unpkg · L805
gonext_transcribe.pyView file
path = gonext_transcribe.py kind = build_helper sizeBytes = 4252 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

gonext_transcribe.pyView on unpkg

Findings

5 Medium4 Low
MediumSecret Patterngonext_agent_chat.py
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpergonext_transcribe.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings