registry  /  @vercel/agent-eval  /  1.3.1

@vercel/agent-eval@1.3.1

⚠ Under review

Framework for testing AI coding agents in isolated sandboxes

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 13 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 40 file(s), 324 KB of source, external domains: ai-gateway.vercel.sh, api.openai.com, cursor.com, github.com, opencode.ai, vercel.com

Source & flagged code

6 flagged · loading source
dist/lib/agents/claude-code/run.mjsView file
21L22: import { spawnSync } from 'node:child_process'; L23: import { mkdirSync, readdirSync, readFileSync, statSync, writeFileSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/lib/agents/claude-code/run.mjsView on unpkg · L21
dist/lib/agents/codex/run.mjsView file
196*/ L197: export function buildCodexExecArgs(input) { L198: const extra = input.extra ?? {};
High
Shell

Package source references shell execution.

dist/lib/agents/codex/run.mjsView on unpkg · L196
dist/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @vercel/agent-eval@1.2.0 matchedIdentity = npm:QHZlcmNlbC9hZ2VudC1ldmFs:1.2.0 similarity = 0.622 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli.jsView on unpkg
235// Try to run the playground package directly, fall back to npx L236: const result = spawnSync('npx', ['@vercel/agent-eval-playground', ...playgroundArgs], { stdio: 'inherit', cwd: process.cwd() }); L237: process.exit(result.status ?? 1);
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/cli.jsView on unpkg · L235
111if (models.length > 1) { L112: console.log(chalk.blue(`\nRunning ${smokeEvalNames.length} eval(s) x ${smokeRuns} run(s) x ${models.length} model(s) = ${totalRuns} total runs`)); L113: console.log(chalk.blue(`Agent: ${config.agent}, Models: ${models.join(', ')}, Timeout: ${config.timeout}s, Early Exit: ${config.earlyExit}`));
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/cli.jsView on unpkg · L111
dist/lib/config.jsView file
130if (configPath.endsWith('.ts')) { L131: const { createJiti } = await import('jiti'); L132: const jiti = createJiti(import.meta.url, {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/lib/config.jsView on unpkg · L130

Findings

1 Critical3 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighChild Processdist/lib/agents/claude-code/run.mjs
HighShelldist/lib/agents/codex/run.mjs
HighRuntime Package Installdist/cli.js
MediumDynamic Requiredist/lib/config.js
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/cli.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings