registry  /  @wujie-shell/core  /  1.0.7

@wujie-shell/core@1.0.7

`@wujie-shell/core` is the runtime and desktop infrastructure layer for `wujie-shell`. It prepares the OpenClaw runtime, generates/syncs OpenClaw configuration, starts the gateway, bridges gateway events, and provides the Electron main/preload implementat

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 15 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestware
Manifest
NoLicense
scanned 66 file(s), 1.22 MB of source

Source & flagged code

6 flagged · loading source
dist/src/connectors/controller.mjsView file
1const _0x218c50=_0x365d;(function(_0x1a6c09,_0x309a85){const _0x4a0994=_0x365d,_0x5a2568=_0x1a6c09();while(!![]){try{const _0x5adc61=-parseInt(_0x4a0994(0x292))/0x1*(parseInt(_0x4a...
High
Child Process

Package source references child process execution.

dist/src/connectors/controller.mjsView on unpkg · L1
1const _0x218c50=_0x365d;(function(_0x1a6c09,_0x309a85){const _0x4a0994=_0x365d,_0x5a2568=_0x1a6c09();while(!![]){try{const _0x5adc61=-parseInt(_0x4a0994(0x292))/0x1*(parseInt(_0x4a...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/src/connectors/controller.mjsView on unpkg · L1
dist/src/connectors/kdocs-cli.mjsView file
1(function(_0x18cf3c,_0x423002){const _0x5418a5=_0x3cbb,_0x16b45b=_0x18cf3c();while(!![]){try{const _0x2772c5=parseInt(_0x5418a5(0x11a))/0x1*(-parseInt(_0x5418a5(0xf2))/0x2)+parseIn...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/connectors/kdocs-cli.mjsView on unpkg · L1
dist/src/runtime/index.mjsView file
1const _0x39af49=_0x3b5b;(function(_0x5d284e,_0x2000d1){const _0x1a3f52=_0x3b5b,_0x2aff41=_0x5d284e();while(!![]){try{const _0x40cf60=parseInt(_0x1a3f52(0x24e))/0x1*(parseInt(_0x1a3...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src/runtime/index.mjsView on unpkg · L1
1Cross-file remote execution chain: dist/src/runtime/index.mjs spawns dist/src/connectors/kdocs-cli.mjs; helper contains network access plus dynamic code execution. L1: const _0x39af49=_0x3b5b;(function(_0x5d284e,_0x2000d1){const _0x1a3f52=_0x3b5b,_0x2aff41=_0x5d284e();while(!![]){try{const _0x40cf60=parseInt(_0x1a3f52(0x24e))/0x1*(parseInt(_0x1a3...
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/src/runtime/index.mjsView on unpkg · L1
dist/bin/wujie-shell.mjsView file
1#!/usr/bin/env node L2: const _0x70ef39=_0x30b3;(function(_0x506a7e,_0x161302){const _0x33f272=_0x30b3,_0x5c8bda=_0x506a7e();while(!![]){try{const _0x537281=parseInt(_0x33f272(0xbb))/0x1+parseInt(_0x33f27...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/bin/wujie-shell.mjsView on unpkg · L1

Findings

6 High5 Medium4 Low
HighChild Processdist/src/connectors/controller.mjs
HighSame File Env Network Executiondist/src/runtime/index.mjs
HighCommand Output Exfiltrationdist/src/connectors/controller.mjs
HighObfuscated Payload Loaderdist/bin/wujie-shell.mjs
HighCross File Remote Execution Contextdist/src/runtime/index.mjs
HighObfuscated
MediumDynamic Requiredist/src/connectors/kdocs-cli.mjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License