registry  /  @whalent/agent  /  0.3.213

@whalent/agent@0.3.213

⚠ Under review

Stable wrapper for Whalent Agent core runtime

Static Scan Results

scanned 3d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 2 file(s), 303 KB of source, external domains: memory.whale, registry.npm, registry.npmjs.org
Oversized source lightweight scan
dist/core.cjs4.51 MB file, sampled 256 KB
EnvironmentVarsDynamicRequireObfuscatedHighEntropyStringsMinifiedUrlStringsmemory.whale

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.preinstall = node scripts/preinstall-check.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @whalent/agent@0.3.201 matchedIdentity = npm:QHdoYWxlbnQvYWdlbnQ:0.3.201 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.cjsView on unpkg
1#!/usr/bin/env node L2: 'use strict';const a0_0xcc1ef9=a0_0x2789;(function(_0x3f6435,_0x3e7f63){const _0x98461e=a0_0x2789,_0x199c8a=_0x3f6435();while(!![]){try{const _0x52f2c2=parseInt(_0x98461e(0x23c))/0...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0xcc1ef9=a0_0x2789;(function(_0x3f6435,_0x3e7f63){const _0x98461e=a0_0x2789,_0x199c8a=_0x3f6435();while(!![]){try{const _0x52f2c2=parseInt(_0x98461e(0x23c))/0...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjsView on unpkg · L1
dist/core.cjsView file
path = dist/core.cjs kind = oversized_source_file sizeBytes = 4731538 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/core.cjsView on unpkg
path = dist/core.cjs kind = oversized_cli_entrypoint sizeBytes = 4731538 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/core.cjsView on unpkg

Findings

1 Critical4 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderdist/index.cjs
HighObfuscated
HighOversized Source Filedist/core.cjs
MediumDynamic Requiredist/index.cjs
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/core.cjs
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License