registry  /  @webpresso/agent-kit  /  3.1.15

@webpresso/agent-kit@3.1.15

⚠ Under review

TypeScript-first agent harness for guarded develop/deploy workflows: wp CLI gates, MCP tools, hooks, memory, worktrees, secrets, audits, and evidence checks.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 758 file(s), 4.05 MB of source, external domains: api.webpresso.io, bun.sh, developers.openai.com, docs.npmjs.com, github.com, json.schemastore.org, opencode.ai, raw.githubusercontent.com, registry.npmjs.org, telemetry.webpresso.dev

Source & flagged code

6 flagged · loading source
bin/_run.jsView file
2L3: import { spawn, spawnSync } from "node:child_process"; L4: import { existsSync, readFileSync, readdirSync, realpathSync, statSync } from "node:fs";
High
Child Process

Package source references child process execution.

bin/_run.jsView on unpkg · L2
dist/esm/cli/commands/dash/tmux.jsView file
139* would resolve if typed at a prompt. tmux receives multiple command arguments, L140: * which it executes directly without `sh -c`; the fixed script only promotes L141: * those positional arguments into the login shell's environment.
High
Shell

Package source references shell execution.

dist/esm/cli/commands/dash/tmux.jsView on unpkg · L139
dist/esm/tool-runtime/resolve-runner.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @webpresso/agent-kit@3.1.13 matchedIdentity = npm:QHdlYnByZXNzby9hZ2VudC1raXQ:3.1.13 similarity = 0.725 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/esm/tool-runtime/resolve-runner.jsView on unpkg
9import { readTrustedJsonFile } from "#shared-utils/read-json-file.js"; L10: const require = createRequire(import.meta.url); L11: const MANAGED_TOOL_PREFIX = {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/esm/tool-runtime/resolve-runner.jsView on unpkg · L9
dist/esm/audit/weakness-mining/index.jsView file
6import { readPretoolEvidence, } from "./read-pretool-log.js"; L7: export async function auditWeaknessMining(rootDirectory = process.cwd(), options = {}) { L8: const report = mineWeaknesses(rootDirectory, options);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/esm/audit/weakness-mining/index.jsView on unpkg · L6
dist/esm/hooks/pretool-guard/validators/dangerous-commands.jsView file
23{ L24: pattern: /\bbase64\b[^|]*\|\s*(?:sh|bash|zsh)\b/, L25: description: "base64 decoded into a shell executes hidden payloads", ... L28: pattern: /\bnc\b[^\n]*\s-e\s+\S+/, L29: description: "netcat -e spawns a remote shell", L30: }, ... L62: export function validateDangerousCommands(input) { L63: if (process.env.DANGEROUS_COMMANDS_SKIP === "1") L64: return createSkipResult(VALIDATOR_NAME);
Critical
Reverse Shell

Source matches reverse-shell style process and socket wiring.

dist/esm/hooks/pretool-guard/validators/dangerous-commands.jsView on unpkg · L23

Findings

2 Critical2 High5 Medium6 Low
CriticalReverse Shelldist/esm/hooks/pretool-guard/validators/dangerous-commands.js
CriticalPrevious Version Dangerous Deltadist/esm/tool-runtime/resolve-runner.js
HighChild Processbin/_run.js
HighShelldist/esm/cli/commands/dash/tmux.js
MediumDynamic Requiredist/esm/tool-runtime/resolve-runner.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/esm/audit/weakness-mining/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings