registry  /  @wrongstack/cli  /  0.282.2

@wrongstack/cli@0.282.2

⚠ Under review

WrongStack CLI — terminal AI coding agent with provider catalog from models.dev. Provides `wrongstack` and `wstack` binaries.

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 16 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.67 MB of source, external domains: 127.0.0.1, 192.168.1.20, api.anthropic.com, api.example.com, api.openai.com, api.telegram.org, auth.openai.com, chatgpt.com, claude.ai, docs.vllm.ai, esm.sh, github.com, lmstudio.ai, ollama.com, platform.claude.com, raw.githubusercontent.com, registry.npmjs.org

Source & flagged code

9 flagged · loading source
dist/index.jsView file
26913patternName = github_pat severity = critical line = 26913 matchedText = githubTo...89",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L26913
33844label: "Vulnerability Detection", L33845: prompt: 'Review this code for security issues:\n```ts\napp.get("/api/user", (req, res) => {\n const id = req.query.id;\n const user = db.query("SELECT * FROM users WHERE id = " +... L33846: }, ... L33848: label: "Bug Diagnosis", L33849: prompt: 'This async function has 2 bugs. Find and fix both:\n```ts\nasync function processBatch(items: string[]) {\n const results = [];\n for (const item of items) {\n const ... L33850: },
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

dist/index.jsView on unpkg · L33844
33844Trigger-reachable chain: manifest.main -> dist/index.js L33844: label: "Vulnerability Detection", L33845: prompt: 'Review this code for security issues:\n```ts\napp.get("/api/user", (req, res) => {\n const id = req.query.id;\n const user = db.query("SELECT * FROM users WHERE id = " +... L33846: }, ... L33848: label: "Bug Diagnosis", L33849: prompt: 'This async function has 2 bugs. Find and fix both:\n```ts\nasync function processBatch(items: string[]) {\n const results = [];\n for (const item of items) {\n const ... L33850: },
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index.jsView on unpkg · L33844
26913patternName = github_pat severity = critical line = 26913 matchedText = githubTo...89",
Critical
Secret Pattern

GitHub personal access token in dist/index.js

dist/index.jsView on unpkg · L26913
26import { toErrorMessage } from '@wrongstack/core/utils/error'; L27: import { spawn, execFile, execFileSync } from 'child_process'; L28: import { MCPRegistry, MCPServer, serveHttp, serveStdio } from '@wrongstack/mcp';
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L26
606".bash": "Shell", L607: ".ps1": "PowerShell", L608: ".pl": "Perl",
High
Shell

Package source references shell execution.

dist/index.jsView on unpkg · L606
12Detached bundled service listener: dist/index.js launches a Node helper and exposes a broad-bound HTTP listener. L12: import { watch, writeFileSync, existsSync, realpathSync } from 'fs'; L13: import * as http from 'http'; L14: import { createServer } from 'http'; ... L26: import { toErrorMessage } from '@wrongstack/core/utils/error'; L27: import { spawn, execFile, execFileSync } from 'child_process'; L28: import { MCPRegistry, MCPServer, serveHttp, serveStdio } from '@wrongstack/mcp'; ... L118: try { L119: parsed = JSON.parse(raw); L120: } catch (err) { ... L297: try { L298: const pkg = JSON.parse(await fs2.readFile(path5.join(root, "package.json"), "utf8")); L299: const scripts = pkg.scripts ?? {};
High
Spawned Bundled Service Listener

Source launches a detached bundled service that exposes a broad-bound HTTP listener.

dist/index.jsView on unpkg · L12
36872"Install the desktop package:", L36873: " npm install -g @wrongstack/desktop", L36874: "", ... L36882: return await new Promise((resolve13) => { L36883: const child = spawn(process.execPath, [launcherPath, ...args], { L36884: stdio: "inherit",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L36872
1755try { L1756: const mod = await import(spec); L1757: if (mod.default) userPlugins.push(mod.default);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L1755

Findings

4 Critical4 High4 Medium4 Low
CriticalCritical Secretdist/index.js
CriticalCommand Output Exfiltrationdist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
CriticalSecret Patterndist/index.js
HighChild Processdist/index.js
HighShelldist/index.js
HighSpawned Bundled Service Listenerdist/index.js
HighRuntime Package Installdist/index.js
MediumDynamic Requiredist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings