registry  /  @wujie-shell/core  /  1.0.5

@wujie-shell/core@1.0.5

`@wujie-shell/core` is the runtime and desktop infrastructure layer for `wujie-shell`. It prepares the OpenClaw runtime, generates/syncs OpenClaw configuration, starts the gateway, bridges gateway events, and provides the Electron main/preload implementat

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestware
Manifest
NoLicense
scanned 62 file(s), 1.15 MB of source

Source & flagged code

6 flagged · loading source
dist/src/connectors/controller.mjsView file
1const _0x1c5a52=_0x6860;(function(_0x1de180,_0x5b2eba){const _0x2a538a=_0x6860,_0x2570f2=_0x1de180();while(!![]){try{const _0x1c6995=-parseInt(_0x2a538a(0x1ba))/0x1+-parseInt(_0x2a...
High
Child Process

Package source references child process execution.

dist/src/connectors/controller.mjsView on unpkg · L1
1const _0x1c5a52=_0x6860;(function(_0x1de180,_0x5b2eba){const _0x2a538a=_0x6860,_0x2570f2=_0x1de180();while(!![]){try{const _0x1c6995=-parseInt(_0x2a538a(0x1ba))/0x1+-parseInt(_0x2a...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/src/connectors/controller.mjsView on unpkg · L1
bin/wujie-shell.mjsView file
29: '../src/runtime/index.mjs' L30: const { prepareRuntime } = await import(runtimeEntry) L31:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/wujie-shell.mjsView on unpkg · L29
dist/src/runtime/index.mjsView file
1const _0x4cb8b3=_0x5af4;(function(_0x2bfd7c,_0x12c27b){const _0x488749=_0x5af4,_0x3ee2e7=_0x2bfd7c();while(!![]){try{const _0x4fb003=-parseInt(_0x488749(0x17d))/0x1*(parseInt(_0x48...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src/runtime/index.mjsView on unpkg · L1
1Cross-file remote execution chain: dist/src/runtime/index.mjs spawns dist/src/connectors/kdocs-cli.mjs; helper contains network access plus dynamic code execution. L1: const _0x4cb8b3=_0x5af4;(function(_0x2bfd7c,_0x12c27b){const _0x488749=_0x5af4,_0x3ee2e7=_0x2bfd7c();while(!![]){try{const _0x4fb003=-parseInt(_0x488749(0x17d))/0x1*(parseInt(_0x48...
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/src/runtime/index.mjsView on unpkg · L1
dist/bin/wujie-shell.mjsView file
1#!/usr/bin/env node L2: function _0x6938(){const _0x5a2cd2=['wujie-so','12gLZYZI','trim','9104KNdTfm','200WvXSom','unknown\x20','command:','ntime','10921559ojMkrQ','cwd','some','project>','src/runt','leng...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/bin/wujie-shell.mjsView on unpkg · L1

Findings

6 High5 Medium4 Low
HighChild Processdist/src/connectors/controller.mjs
HighSame File Env Network Executiondist/src/runtime/index.mjs
HighCommand Output Exfiltrationdist/src/connectors/controller.mjs
HighObfuscated Payload Loaderdist/bin/wujie-shell.mjs
HighCross File Remote Execution Contextdist/src/runtime/index.mjs
HighObfuscated
MediumDynamic Requirebin/wujie-shell.mjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License