registry  /  @tuned-tensor/local  /  0.1.2

@tuned-tensor/local@0.1.2

Local, cloud-independent fine-tuning runner for Tuned Tensor behavior specs.

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 14 file(s), 95.3 KB of source, external domains: openrouter.ai

Source & flagged code

2 flagged · loading source
dist/openrouter.jsView file
1export async function openRouterChat(messages, options) { L2: const apiKey = process.env[options.apiKeyEnv]; L3: if (!apiKey) { ... L8: try { L9: const response = await fetch("https://openrouter.ai/api/v1/chat/completions", { L10: method: "POST", ... L17: }, L18: body: JSON.stringify({ L19: model: options.model, ... L25: if (!response.ok) { L26: const text = await response.text().catch(() => ""); L27: throw new Error(`OpenRouter request failed (${response.status}): ${text.slice(0, 500)}`);
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

dist/openrouter.jsView on unpkg · L1
training/sft-local/src/train.pyView file
path = training/sft-local/src/train.py kind = build_helper sizeBytes = 7761 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

training/sft-local/src/train.pyView on unpkg

Findings

1 High3 Medium3 Low
HighCredential Exfiltrationdist/openrouter.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertraining/sft-local/src/train.py
LowScripts Present
LowFilesystem
LowUrl Strings