registry  /  @xopcai/xopc  /  0.0.117

@xopcai/xopc@0.0.117

⚠ Under review

Local-first AI system that remembers context, coordinates AI, and sustains long-term progress.

Static Scan Results

scanned 4d ago · by rust-scanner

Static analysis flagged 24 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1,547 file(s), 15.2 MB of source, external domains: 127.0.0.1, 192.168.x.x, accounts.feishu.cn, accounts.google.com, accounts.larksuite.com, api.bing.microsoft.com, api.browser-use.com, api.browserbase.com, api.example.com, api.minimax.io, api.minimaxi.com, api.openai.com, api.search.brave.com, api.skillhub.cn, api.tavily.com, api.telegram.org, api.z.ai, auth.kimi.com, auth.openai.com, backend.composio.dev, bottts.com, brew.sh, chatgpt.com, claude.ai, clawhub.ai, cloakbrowser.dev, cloudcode-pa.googleapis.com, cn.bing.com, console.anthropic.com, console.xopc.ai, creativecommons.org, daily-cloudcode-pa.sandbox.googleapis.com, dashscope-intl.aliyuncs.com, dashscope-us.aliyuncs.com, dashscope.aliyuncs.com, docs.astral.sh, docs.oasis-open.org, example.com, fal.run, fonts.googleapis.com, foo.bar, frp.xopc.ai, gateway.example.com, generativelanguage.googleapis.com, ghfast.top, github.com, go.dev, goo.gle, html.duckduckgo.com, http-intake.logs

Source & flagged code

15 flagged · loading source
dist/gateway/static/root/assets/vendor-codemirror-CNP1wPe7.jsView file
1import{n as e}from"./rolldown-runtime-aKtaBQYM.js";var t=1024,n=0,r=class{constructor(e,t){this.from=e,this.to=t}},i=class{constructor(e={}){this.id=n++,this.perNode=!!e.perNode,th... L2: `){[e,t]=Pn(this,e,t);let r=``;for(let i=0,a=0;i<=t&&a<this.text.length;a++){let o=this.text[a],s=i+o.length;i>e&&a&&(r+=n),e<s&&t>i&&(r+=o.slice(Math.max(0,e-i),t-i)),i=s+1}return...
High
Child Process

Package source references child process execution.

dist/gateway/static/root/assets/vendor-codemirror-CNP1wPe7.jsView on unpkg · L1
dist/src/infra/run-command.jsView file
27], L28: ...process.platform === "win32" ? { shell: process.env.ComSpec && process.env.ComSpec.trim() || "cmd.exe" } : {} L29: });
High
Shell

Package source references shell execution.

dist/src/infra/run-command.jsView on unpkg · L27
dist/gateway/static/root/assets/pdf.worker.min-iDqQPrd3.mjsView file
24* pdfjsBuild = 7e5b36c2d L25: */const e=!("object"!=typeof process||process+""!="[object process]"||process.versions.nw||process.versions.electron&&process.type&&"browser"!==process.type),t=[1/0,1/0,-1/0,-1/0],... L26: /*webpackIgnore: true*/
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/gateway/static/root/assets/pdf.worker.min-iDqQPrd3.mjsView on unpkg · L24
dist/extensions/weixin/src/cdn/upload.jsView file
18logger.debug(`downloadRemoteImageToTemp: fetching url=${url}`); L19: const res = await fetch(url); L20: if (!res.ok) { ... L24: } L25: const buf = Buffer.from(await res.arrayBuffer()); L26: logger.debug(`downloadRemoteImageToTemp: downloaded ${buf.length} bytes`);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/extensions/weixin/src/cdn/upload.jsView on unpkg · L18
dist/src/daemon/schtasks.jsView file
6import { mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs"; L7: import { spawn, spawnSync } from "node:child_process"; L8: //#region src/daemon/schtasks.ts L9: /** ... L31: ] }); L32: let stdout = ""; L33: let stderr = ""; ... L60: function resolveTaskDaemonDir() { L61: return path.join(os.homedir(), ".xopc", "daemon"); L62: } ... L95: return `<?xml version="1.0" encoding="UTF-16"?> L96: <Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/src/daemon/schtasks.jsView on unpkg · L6
dist/src/browser/providers/browser-use.jsView file
9* L10: * Connects to a Browser Use-managed session via CDP WebSocket. L11: * Requires `BROWSER_USE_API_KEY` or config-level `apiKey`. ... L24: async connect() { L25: const apiKey = this.config.apiKey || process.env.BROWSER_USE_API_KEY; L26: if (!apiKey) throw new Error("Browser Use API key not configured (set BROWSER_USE_API_KEY or browser.cloudProvider config)"); ... L32: }, L33: body: JSON.stringify({}) L34: }); L35: if (!response.ok) { L36: const errorText = await response.text().catch(() => "unknown"); L37: throw new Error(`Browser Use session creation failed (${response.status}): ${errorText}`);
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

dist/src/browser/providers/browser-use.jsView on unpkg · L9
dist/src/agent/memory/builtin-memory-store.jsView file
286{ L287: regex: /authorized_keys/i, L288: id: "ssh_backdoor" ... L305: "‮" L306: ]) if (content.includes(char)) return `Blocked: content contains invisible unicode character U+${char.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")} (possible injection... L307: return null;
Critical
Persistence Backdoor

Source writes persistence or remote-access backdoor material.

dist/src/agent/memory/builtin-memory-store.jsView on unpkg · L286
dist/gateway/static/root/assets/messages-Cf1O9JB0.jsView file
1var e={agentSettings:JSON.parse(`{"subtitle":"Defaults for models, workspace, sampling, and how responses are shown.","sectionDesc":"Changes are written to your gateway config file... L2: ads.example.net`,regionLabel:`Fallback region`,regionDesc:`Auto uses your system timezone. Override if you are on a VPN or need a specific fallback.`,regionAuto:`Auto (timezone)`,r... L3: ads.example.net`,regionLabel:`兜底地区`,regionDesc:`自动根据系统时区判断。若使用代理或需固定策略,可手动覆盖。`,regionAuto:`自动(时区)`,regionCn:`中国(必应 HTML 兜底)`,regionGlobal:`全球(DuckDuckGo HTML 兜底)`,maxResultsLabel:`...
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/gateway/static/root/assets/messages-Cf1O9JB0.jsView on unpkg · L1
dist/gateway/static/root/assets/xlsx-CKkngM-o.jsView file
141contains invisible/control Unicode U+FEFF (zero width no-break space) `:r.RS,c=s.charCodeAt(0),l=``,u=[],d=r.skipHidden&&e[`!cols`]||[],f=r.skipHidden&&e[`!rows`]||[],p=i.s.c;p<=i.e.c;++p)(d[p]||{}).hidden||(u[p]=J(p));var m=i.s.r,h=!1,g=0;return n._read=function(){if(!h)return h=!0,n.push(`<U+FEFF>`);for(;m<
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/gateway/static/root/assets/xlsx-CKkngM-o.jsView on unpkg · L141
dist/src/extensions/health.jsView file
138for (const issue of health.issues) if (issue.includes("node_modules not found")) try { L139: const { spawn } = await import("child_process"); L140: const npm = process.platform === "win32" ? "npm.cmd" : "npm"; ... L147: if (code === 0) resolve(); L148: else reject(/* @__PURE__ */ new Error(`npm install exited with code ${code}`)); L149: });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/src/extensions/health.jsView on unpkg · L138
skills/tools/webapp-testing/examples/console_logging.pyView file
path = skills/tools/webapp-testing/examples/console_logging.py kind = build_helper sizeBytes = 1027 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/tools/webapp-testing/examples/console_logging.pyView on unpkg
skills/creative/theme-factory/theme-showcase.pdfView file
path = skills/creative/theme-factory/theme-showcase.pdf kind = high_entropy_blob sizeBytes = 124310 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

skills/creative/theme-factory/theme-showcase.pdfView on unpkg
dist/src/config/schema.d.tsView file
853patternName = generic_password severity = medium line = 853 matchedText = password...rd";
Medium
Secret Pattern

Hardcoded password in dist/src/config/schema.d.ts

dist/src/config/schema.d.tsView on unpkg · L853
1023patternName = generic_password severity = medium line = 1023 matchedText = password...rd";
Medium
Secret Pattern

Hardcoded password in dist/src/config/schema.d.ts

dist/src/config/schema.d.tsView on unpkg · L1023
2219patternName = generic_password severity = medium line = 2219 matchedText = password...rd";
Medium
Secret Pattern

Hardcoded password in dist/src/config/schema.d.ts

dist/src/config/schema.d.tsView on unpkg · L2219

Findings

2 Critical6 High10 Medium6 Low
CriticalPersistence Backdoordist/src/agent/memory/builtin-memory-store.js
CriticalTrojan Source Unicodedist/gateway/static/root/assets/xlsx-CKkngM-o.js
HighChild Processdist/gateway/static/root/assets/vendor-codemirror-CNP1wPe7.js
HighShelldist/src/infra/run-command.js
HighCredential Exfiltrationdist/src/browser/providers/browser-use.js
HighCloud Metadata Accessdist/gateway/static/root/assets/messages-Cf1O9JB0.js
HighRuntime Package Installdist/src/extensions/health.js
HighShips High Entropy Blobskills/creative/theme-factory/theme-showcase.pdf
MediumDynamic Requiredist/gateway/static/root/assets/pdf.worker.min-iDqQPrd3.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/src/daemon/schtasks.js
MediumProtestware
MediumShips Build Helperskills/tools/webapp-testing/examples/console_logging.py
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/src/config/schema.d.ts
MediumSecret Patterndist/src/config/schema.d.ts
MediumSecret Patterndist/src/config/schema.d.ts
LowScripts Present
LowWeak Cryptodist/extensions/weixin/src/cdn/upload.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings