registry  /  @wujie-shell/core  /  1.0.6

@wujie-shell/core@1.0.6

`@wujie-shell/core` is the runtime and desktop infrastructure layer for `wujie-shell`. It prepares the OpenClaw runtime, generates/syncs OpenClaw configuration, starts the gateway, bridges gateway events, and provides the Electron main/preload implementat

Static Scan Results

scanned 18h ago · by rust-scanner

Static analysis flagged 14 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscated
Manifest
NoLicense
scanned 66 file(s), 1.22 MB of source

Source & flagged code

6 flagged · loading source
dist/src/connectors/controller.mjsView file
1const _0x340df0=_0x5475;(function(_0x303889,_0x9ebd9c){const _0x336af0=_0x5475,_0x3241b8=_0x303889();while(!![]){try{const _0x27f6e4=-parseInt(_0x336af0(0x186))/0x1+parseInt(_0x336...
High
Child Process

Package source references child process execution.

dist/src/connectors/controller.mjsView on unpkg · L1
1const _0x340df0=_0x5475;(function(_0x303889,_0x9ebd9c){const _0x336af0=_0x5475,_0x3241b8=_0x303889();while(!![]){try{const _0x27f6e4=-parseInt(_0x336af0(0x186))/0x1+parseInt(_0x336...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/src/connectors/controller.mjsView on unpkg · L1
dist/src/connectors/kdocs-cli.mjsView file
1const _0x2cb460=_0x16a2;(function(_0x327bc5,_0x2691d4){const _0x307a8=_0x16a2,_0x2bd337=_0x327bc5();while(!![]){try{const _0x37ef0e=-parseInt(_0x307a8(0xb5))/0x1*(parseInt(_0x307a8...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/connectors/kdocs-cli.mjsView on unpkg · L1
dist/src/runtime/index.mjsView file
1const _0x31e6db=_0x3914;(function(_0x4ab917,_0x386a73){const _0x4c64e1=_0x3914,_0x3f2df2=_0x4ab917();while(!![]){try{const _0x15d87f=parseInt(_0x4c64e1(0x1ba))/0x1*(-parseInt(_0x4c...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src/runtime/index.mjsView on unpkg · L1
1Cross-file remote execution chain: dist/src/runtime/index.mjs spawns dist/src/connectors/kdocs-cli.mjs; helper contains network access plus dynamic code execution. L1: const _0x31e6db=_0x3914;(function(_0x4ab917,_0x386a73){const _0x4c64e1=_0x3914,_0x3f2df2=_0x4ab917();while(!![]){try{const _0x15d87f=parseInt(_0x4c64e1(0x1ba))/0x1*(-parseInt(_0x4c...
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/src/runtime/index.mjsView on unpkg · L1
dist/bin/wujie-shell.mjsView file
1#!/usr/bin/env node L2: const _0x4f287c=_0x2210;(function(_0x44ce10,_0x1b7fd5){const _0xe768b9=_0x2210,_0x46cafd=_0x44ce10();while(!![]){try{const _0x13f5dc=-parseInt(_0xe768b9(0x8d))/0x1*(-parseInt(_0xe7...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/bin/wujie-shell.mjsView on unpkg · L1

Findings

6 High4 Medium4 Low
HighChild Processdist/src/connectors/controller.mjs
HighSame File Env Network Executiondist/src/runtime/index.mjs
HighCommand Output Exfiltrationdist/src/connectors/controller.mjs
HighObfuscated Payload Loaderdist/bin/wujie-shell.mjs
HighCross File Remote Execution Contextdist/src/runtime/index.mjs
HighObfuscated
MediumDynamic Requiredist/src/connectors/kdocs-cli.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License